Search CVE reports


Toggle filters

41 – 50 of 89 results


CVE-2021-40346

Medium priority
Fixed

An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs.

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-35940

Medium priority
Fixed

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0...

1 affected package

apr

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apr Fixed Not affected Not affected Fixed
Show less packages

CVE-2021-39242

Medium priority
Fixed

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host and authority is mishandled.

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Not affected Not affected Not affected
Show less packages

CVE-2021-39241

Medium priority
Fixed

An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. It is possible that a server...

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-39240

Medium priority
Fixed

An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, the authority field...

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Not affected Not affected Not affected
Show less packages

CVE-2020-11100

Medium priority
Fixed

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing...

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Not affected
Show less packages

CVE-2019-19330

Medium priority
Fixed

The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Not affected
Show less packages

CVE-2019-18277

Medium priority
Fixed

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse...

1 affected package

haproxy

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
haproxy Fixed Fixed
Show less packages

CVE-2019-12412

Medium priority

Some fixes available 3 of 5

A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

1 affected package

libapreq2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libapreq2 Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-15903

Medium priority

Some fixes available 51 of 180

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a...

32 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
apache2 Not affected Not affected Not affected Not affected Not affected
apr-util Not affected Not affected Not affected Not affected Not affected
audacity Needs evaluation Not affected Not affected Not affected Not affected
ayttm Not in release Not in release Not in release Not in release Needs evaluation
cableswig Not in release Not in release Not in release Not in release Needs evaluation
cadaver Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
chromium-browser Fixed Fixed Fixed Fixed Fixed
cmake Not affected Not affected Not affected Not affected Not affected
coin3 Not affected Not affected Not affected Vulnerable Vulnerable
expat Not affected Not affected Not affected Fixed Fixed
firefox Fixed Fixed Fixed Fixed Fixed
gdcm Not affected Not affected Not affected Not affected Not affected
ghostscript Not affected Not affected Not affected Not affected Not affected
insighttoolkit Not in release Not in release Not in release Not in release Needs evaluation
insighttoolkit4 Not in release Not affected Not affected Not affected Needs evaluation
kompozer Not in release Not in release Not in release Not in release Not in release
libparagui1.1 Not in release Not in release Not in release Not in release Not in release
libxmltok Vulnerable Fixed Fixed Fixed Fixed
matanza Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
poco Not affected Not affected Not affected Not affected Not affected
simgear Not affected Not affected Not affected Not affected Not affected
sitecopy Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
smart Not in release Not in release Not in release Not affected Not affected
swish-e Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tdom Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
texlive-bin Not affected Not affected Not affected Not affected Not affected
thunderbird Fixed Fixed Fixed Fixed Fixed
vnc4 Not in release Not in release Not in release Vulnerable Vulnerable
vtk Not in release Not in release Not in release Not in release Fixed
wbxml2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
wxwidgets2.8 Not in release Not in release Not in release Not in release Not in release
xmlrpc-c Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show all 32 packages Show less packages