Lucene search
+L

505 matches found

osv
osv
added 2 days ago5 views

MGASA-2026-0250 Updated haproxy packages fix security vulnerability

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00431EPSS
Exploits0References2
nessus
nessus
added 2026/07/09 12:0 a.m.2 views

TencentOS Server 4: haproxy (TSSA-2026:0548)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0548 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

8.7CVSS6.2AI score0.00431EPSS
Exploits0References2
osv
osv
added 2026/07/07 10:14 a.m.5 views

SUSE-SU-2026:22557-1 Security update for haproxy

This update for haproxy fixes the following issues - Update to version 3.2.21+git0.dbe43be37 - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference...

9.1CVSS6.2AI score0.00431EPSS
Exploits0References5
osv
osv
added 2026/07/07 10:11 a.m.2 views

OPENSUSE-SU-2026:21245-1 Security update for haproxy

This update for haproxy fixes the following issues - Update to version 3.2.21+git0.dbe43be37 - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference...

9.1CVSS6.2AI score0.00431EPSS
Exploits0References4
osv
osv
added 2026/07/07 10:11 a.m.3 views

SUSE-SU-2026:22587-1 Security update for haproxy

This update for haproxy fixes the following issues - Update to version 3.2.21+git0.dbe43be37 - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference...

9.1CVSS6.2AI score0.00431EPSS
Exploits0References5
nvd
nvd
added 2026/07/06 11:16 a.m.11 views

CVE-2026-58226

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS0.00438EPSS
Exploits0References4
euvd
euvd
added 2026/07/06 9:3 a.m.7 views

EUVD-2026-41861

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/06 9:3 a.m.32 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS0.00438EPSS
Exploits0References4
osv
osv
added 2026/07/06 9:3 a.m.5 views

CVE-2026-58226 Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax

Inefficient Algorithmic Complexity vulnerability in elixir-mint hpax allows unauthenticated denial-of-service via unbounded HPACK integer decoding. hpax decodes HPACK variable-length integers with no upper bound on the decoded value or the number of continuation octets...

8.7CVSS6.1AI score0.00438EPSS
Exploits0References9
osv
osv
added 2026/07/03 12:52 p.m.1 views

SUSE-SU-2026:22515-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6.2AI score0.00431EPSS
Exploits0References5
nessus
nessus
added 2026/07/02 12:0 a.m.19 views

Linux Distros Unpatched Vulnerability : CVE-2026-54428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows a...

7.5CVSS6.2AI score0.00587EPSS
Exploits0References3
snyk
snyk
added 2026/07/01 7:24 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforced limits in the HPackDecoder process. An attacker can exhaust system memory by sending oversized compressed header blocks before the HTTP/2 SETTINGS...

7.5CVSS6.1AI score0.00587EPSS
Exploits0References2
nvd
nvd
added 2026/07/01 6:16 p.m.12 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS0.00587EPSS
Exploits0References2
osv
osv
added 2026/07/01 6:16 p.m.5 views

DEBIAN-CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/01 5:3 p.m.6 views

CVE-2026-54428

Allocation of resources without limits or throttling in the HTTP/2 HPACK decoder in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending oversized compressed header blocks before the HTTP/2...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2
osv
osv
added 2026/06/29 5:40 a.m.4 views

BIT-HAPROXY-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.8AI score0.00431EPSS
Exploits0References3
nessus
nessus
added 2026/06/27 12:0 a.m.6 views

SUSE SLES15 Security Update : haproxy (SUSE-SU-2026:2652-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2652-1 advisory. This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that...

9.1CVSS6.1AI score0.00431EPSS
Exploits0References7
osv
osv
added 2026/06/26 12:21 p.m.4 views

SUSE-SU-2026:2652-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6AI score0.00431EPSS
Exploits0References5
osv
osv
added 2026/06/26 12:18 p.m.3 views

SUSE-SU-2026:2651-1 Security update for haproxy

This update for haproxy fixes the following issues - CVE-2026-55203: integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers bsc1268557. - CVE-2026-55204: null pointer dereference vulnerability in hpackdhtinsert within...

9.1CVSS6AI score0.00431EPSS
Exploits0References5
cve
cve
added 2026/06/25 6:36 p.m.59 views

CVE-2026-28898

CVE-2026-28898 concerns swift-nio-http2, where the HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before translating to HTTP/1.1. The issue is addressed in swift-nio-http2 1.44.1, which adds validation for all pseudo-header values (:path, :authority, :scheme...

5.3CVSS5.8AI score0.00192EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder