Search CVE reports

71 – 80 of 95 results

Detailed view

Sort by:

CVE-2015-3281

Medium priority

Fixed

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized...

1 affected package

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	—	—	—	—

CVE-2015-1283

Medium priority

Some fixes available 41 of 248

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or...

33 affected packages

cmake, ghostscript, texlive-bin, libparagui1.1, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
matanza	Ignored	Ignored	Ignored	Ignored
smart	Not in release	Not in release	Not in release	Not affected
vtk	Not in release	Not in release	Not in release	Not in release
expat	Not affected	Not affected	Not affected	Not affected
apache2	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
swish-e	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cadaver	Vulnerable	Vulnerable	Vulnerable	Vulnerable
cableswig	Not in release	Not in release	Not in release	Not in release
chromium-browser	Fixed	Fixed	Fixed	Fixed
coin3	Vulnerable	Vulnerable	Vulnerable	Vulnerable
gdcm	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
kompozer	Not in release	Not in release	Not in release	Not in release
oxide-qt	Not in release	Not in release	Not in release	Not in release
simgear	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Vulnerable
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
libxmltok	Fixed	Fixed	Fixed	Fixed
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected

CVE-2014-6269

Medium priority

Not affected

Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer...

1 affected package

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	—	—	—	—

CVE-2013-2175

Medium priority

Some fixes available 3 of 4

HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and...

1 affected package

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	—	—	—	—

CVE-2013-1912

Medium priority

Some fixes available 4 of 6

Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote...

1 affected package

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	—	—	—	—

CVE-2013-0341

Medium priority

Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

40 affected packages

tdom, apache2, apr-util, audacity, ayttm...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
tdom	—	—	—	—
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2013-0340

Medium priority

Ignored

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption),...

40 affected packages

apache2, apr-util, audacity, ayttm, cableswig...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	—	—	—	—
apr-util	—	—	—	—
audacity	—	—	—	—
ayttm	—	—	—	—
cableswig	—	—	—	—
cadaver	—	—	—	—
celementtree	—	—	—	—
cmake	—	—	—	—
coin3	—	—	—	—
expat	—	—	—	—
gdcm	—	—	—	—
ghostscript	—	—	—	—
grmonitor	—	—	—	—
insighttoolkit	—	—	—	—
kompozer	—	—	—	—
libparagui1.1	—	—	—	—
matanza	—	—	—	—
paraview	—	—	—	—
poco	—	—	—	—
python-xml	—	—	—	—
python2.4	—	—	—	—
python2.5	—	—	—	—
python2.6	—	—	—	—
simgear	—	—	—	—
sitecopy	—	—	—	—
smart	—	—	—	—
swish-e	—	—	—	—
tdom	—	—	—	—
texlive-bin	—	—	—	—
tla	—	—	—	—
vnc4	—	—	—	—
vtk	—	—	—	—
w3c-libwww	—	—	—	—
wbxml2	—	—	—	—
wxwidgets2.6	—	—	—	—
wxwidgets2.8	—	—	—	—
wxwindows2.4	—	—	—	—
xmlrpc-c	—	—	—	—
xotcl	—	—	—	—
xulrunner	—	—	—	—

CVE-2012-6702

Medium priority

Some fixes available 5 of 104

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

32 affected packages

apache2, cmake, ghostscript, paraview, libparagui1.1...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
apache2	Not affected	Not affected	Not affected	Not affected
cmake	Not affected	Not affected	Not affected	Not affected
ghostscript	Not affected	Not affected	Not affected	Not affected
paraview	Not affected	Not affected	Not affected	Not affected
libparagui1.1	Not in release	Not in release	Not in release	Not in release
ayttm	Not in release	Not in release	Not in release	Not in release
audacity	Not affected	Not affected	Not affected	Not affected
apr-util	Not affected	Not affected	Not affected	Not affected
cableswig	Not in release	Not in release	Not in release	Not in release
cadaver	Not affected	Not affected	Not affected	Not affected
expat	Not affected	Not affected	Not affected	Not affected
xmlrpc-c	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libxmltok	Not affected	Not affected	Not affected	Not affected
insighttoolkit	Not in release	Not in release	Not in release	Not in release
coin3	Not affected	Not affected	Not affected	Not affected
gdcm	Not affected	Not affected	Not affected	Not affected
kompozer	Not in release	Not in release	Not in release	Not in release
matanza	Not affected	Not affected	Not affected	Not affected
poco	Not affected	Not affected	Not affected	Not affected
simgear	Not affected	Not affected	Not affected	Not affected
sitecopy	Not in release	Not affected	Not affected	Not affected
smart	Not in release	Not in release	Not in release	Not affected
swish-e	Not affected	Not affected	Not affected	Not affected
tdom	Not affected	Not affected	Not affected	Not affected
texlive-bin	Not affected	Not affected	Not affected	Not affected
tla	Not affected	Not affected	Not affected	Not affected
vnc4	Not in release	Not in release	Not in release	Ignored
vtk	Not in release	Not in release	Not in release	Not in release
wbxml2	Not affected	Not affected	Not affected	Not affected
wxwidgets2.6	Not in release	Not in release	Not in release	Not in release
wxwidgets2.8	Not in release	Not in release	Not in release	Not in release
xotcl	Not affected	Not affected	Not affected	Not affected

CVE-2012-2942

Low priority

Some fixes available 4 of 7

Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to...

1 affected package

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	—	—	—	—

CVE-2012-2391

Low priority

Not affected

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2942. Reason: This candidate is a duplicate of CVE-2012-2942. Notes: All CVE users should reference CVE-2012-2942 instead of this candidate. All references...

1 affected package

haproxy

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
haproxy	—	—	—	—

Export to JSON

Results by page: