haproxy (SUSE:Linux Enterprise High Availability Extension 15 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Availability Extension 15 SP1 package haproxy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2023-25725 — CVSS 9.1 (critical): HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request…
CVE-2020-11100 — CVSS 8.8 (high): In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary…
CVE-2023-45539 — CVSS 8.2 (high): HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have…
CVE-2019-14241 — CVSS 7.5 (high): HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in…
CVE-2019-18277 — CVSS 7.5 (high): A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were…
CVE-2021-40346 — CVSS 7.5 (high): An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack…
CVE-2023-40225 — CVSS 7.2 (high): HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10…
CVE-2023-0056 — CVSS 6.5 (medium): An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an…