Search CVE reports

11 – 20 of 86 results

Detailed view

Sort by:

CVE-2023-40225

Medium priority

Fixed

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	—	Fixed	Fixed	Not affected	Not affected

CVE-2023-25950

Medium priority

Not affected

HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	—	Not affected	Not affected	Not affected	Not affected

CVE-2023-0836

Medium priority

Fixed

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	—	Fixed	Not affected	Not affected	Not affected

CVE-2023-25725

Medium priority

Some fixes available 7 of 8

HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	Fixed	Fixed	Fixed	Fixed	Vulnerable

CVE-2022-28331

Medium priority

Not affected

On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.

1 affected packages

apr

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apr	—	Not affected	Not affected	Not affected	Not affected

CVE-2022-25147

Medium priority

Fixed

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility...

1 affected packages

apr-util

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apr-util	—	Fixed	Fixed	Fixed	Fixed

CVE-2022-24963

Medium priority

Fixed

Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.

1 affected packages

apr

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apr	—	Fixed	Not affected	Not affected	Not affected

CVE-2023-0056

Medium priority

Fixed

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift...

1 affected packages

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
haproxy	—	Fixed	Fixed	Not affected	Not affected

CVE-2022-43680

Medium priority

Some fixes available 9 of 85

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	Not in release	Not in release	Not in release	Needs evaluation
cableswig	—	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Not affected	Not affected	Not affected	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Ignored	Ignored	Ignored
gdcm	Not affected	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
libxmltok	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	—	Not in release	Not in release	Not affected	Not affected
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Not affected
thunderbird	Ignored	Ignored	Ignored	Ignored	Ignored
vnc4	—	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	—	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-40674

Medium priority

Some fixes available 11 of 103

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

24 affected packages

apache2, apr-util, ayttm, cableswig, cadaver...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected	Not affected
ayttm	—	Not in release	Not in release	Not in release	Needs evaluation
cableswig	—	Not in release	Not in release	Not in release	Needs evaluation
cadaver	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
cmake	Not affected	Not affected	Not affected	Not affected	Not affected
coin3	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
expat	Fixed	Fixed	Fixed	Fixed	Fixed
firefox	Not affected	Not affected	Fixed	Fixed	Ignored
gdcm	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
ghostscript	Not affected	Not affected	Not affected	Not affected	Not affected
insighttoolkit	—	Not in release	Not in release	Not in release	Needs evaluation
insighttoolkit4	Not in release	Not affected	Not affected	Not affected	Needs evaluation
libxmltok	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Not affected
matanza	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
smart	—	Not in release	Not in release	Needs evaluation	Needs evaluation
swish-e	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
tdom	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
texlive-bin	Not affected	Not affected	Not affected	Not affected	Needs evaluation
thunderbird	Ignored	Ignored	Ignored	Ignored	Ignored
vnc4	—	Not in release	Not in release	Needs evaluation	Needs evaluation
vtk	—	Not in release	Not in release	Not in release	Needs evaluation
wbxml2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
xmlrpc-c	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page: