Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 32 results


CVE-2024-49214

Medium priority
Not affected

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-45506

Medium priority
Not affected

HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-45539

Medium priority
Fixed

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-44487

High priority

Some fixes available 18 of 56

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

13 affected packages

dotnet6, dotnet7, dotnet8, h2o, haproxy...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dotnet6 Not in release Fixed Not in release Not in release Not in release
dotnet7 Not in release Fixed Not in release Not in release Not in release
dotnet8 Fixed Not affected Not in release Not in release Not in release
h2o Not affected Needs evaluation Needs evaluation Needs evaluation Not in release
haproxy Not affected Not affected Not affected Fixed Not affected
netty Not affected Fixed Fixed Not affected Not affected
nghttp2 Not affected Fixed Fixed Fixed Fixed
nginx Not affected Not affected Not affected Not affected Not affected
nodejs Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tomcat10 Needs evaluation Not in release Not in release Ignored Ignored
tomcat8 Not in release Not in release Not in release Needs evaluation Needs evaluation
tomcat9 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
trafficserver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show all 13 packages Show less packages

CVE-2023-40225

Medium priority
Fixed

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Fixed Not affected Not affected
Show less packages

CVE-2023-25950

Medium priority
Not affected

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-0836

Medium priority
Fixed

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Not affected Not affected Not affected
Show less packages

CVE-2023-25725

Medium priority

Some fixes available 8 of 9

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2023-0056

Medium priority
Fixed

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Fixed Not affected Not affected
Show less packages

CVE-2022-0711

Medium priority
Fixed

A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a...

1 affected packages

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Not affected Fixed Not affected Not affected
Show less packages