haproxy (SUSE:Linux Enterprise High Availability Extension 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Availability Extension 15 package haproxy, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (9)
CVE-2020-11100 — CVSS 8.8 (high): In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary…
CVE-2018-14645 — CVSS 7.5 (high): A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in…
CVE-2018-20102 — CVSS 7.5 (high): An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when…
CVE-2018-20103 — CVSS 7.5 (high): An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite…
CVE-2018-20615 — CVSS 7.5 (high): An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a…
CVE-2019-14241 — CVSS 7.5 (high): HAProxy through 2.0.2 allows attackers to cause a denial of service (ha_panic) via vectors related to htx_manage_client_side_cookies in…
CVE-2019-18277 — CVSS 7.5 (high): A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were…
CVE-2021-40346 — CVSS 7.5 (high): An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack…
CVE-2018-11469 — CVSS 5.9 (medium): Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows…