20 matches found
OSV-2026-610 Memcpy-param-overlap in htx_replace_blk_value
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=504612570 Crash type: Memcpy-param-overlap Crash state: htx_replace_blk_value http_replace_header_value http_scheme_based_normalize...
Malicious code in htx-test (npm)
Source: ghsa-malware (7af8cfe522f6a03c75b9bf02f62bb022b2930607b810b33a905d16a26d2991c2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1419 Malicious code in htx-test (npm)
Source: ghsa-malware (7af8cfe522f6a03c75b9bf02f62bb022b2930607b810b33a905d16a26d2991c2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in htx-dev (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware (18c05dd9781405f8a19064535fdb213fba19de58f671ed5bc64d2cf1ed95e6d7). Any computer that has this package install...
Malicious code in htx-main (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware (ea59d9da68ae649dea49d1c6f68c1e0dffcd2bde5987416db10abf148ada4adc). Any computer that has this package install...
Malicious code in htx-production (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware (a324a3156986db6587e4fe70275125c2b106568801878d78c83f8fe6a268c3b0). Any computer that has this package install...
Malicious code in htx-internal (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware (11c21a33d124e256ea82e6288151a03d6521483b95b012e9939de5062c0d12c2). Any computer that has this package install...
MAL-2025-1320 Malicious code in htx-internal (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware (11c21a33d124e256ea82e6288151a03d6521483b95b012e9939de5062c0d12c2). Any computer that has this package install...
MAL-2025-1321 Malicious code in htx-main (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware (ea59d9da68ae649dea49d1c6f68c1e0dffcd2bde5987416db10abf148ada4adc). Any computer that has this package install...
SUSE CVE-2019-14241
HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in proto_htx.c...
Security update for haproxy (moderate)
openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2021:1329-1 Rating: moderate References: 1189877 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for haproxy fixes the following issues: -...
OESA-2021-1367 haproxy security update
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers quite a number of the world's most visited ones. Security Fixes: An integer overflo...
DEBIAN-CVE-2021-40346
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs...
Haproxy HAProxy Input Validation Error Vulnerability
HAProxy is an open source TCP/HTTP load balancing server from the French company HAProxy. HAProxy suffers from an input validation error vulnerability, which stems from a lack of header name length checking in the htx_add_header and htx_add_trailer functions in HAProxy, and can be exploited by an...
UBUNTU-CVE-2021-40346
An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs...
Security update for haproxy (moderate)
openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2021:2975-1 Rating: moderate References: 1189877 Cross-References: CVE-2021-40346 CVSS scores: CVE-2021-40346 SUSE: 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 An update...
Security update for haproxy (moderate)
openSUSE Security Update: Security update for haproxy Announcement ID: openSUSE-SU-2019:2555-1 Rating: moderate References: 1142529 Cross-References: CVE-2019-14241 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for haproxy ...
CVE-2007-3107
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits...
security flaw
The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clearing of MSR bits...
Technical Details of BadBlue EXT.DLL Vulnerability
Several days ago, I reported a vulnerability in the EXT.DLL ISAPI of BadBlue. BadBlue 1.7.3 has now been released by the vendor Working Resources at http://www.badblue.com/down.htm for administrators to upgrade their systems. The vulnerability exists in how EXT.DLL sanitizes input for HTX/HTS...