| Bug | Description |
|---|
| TEMP-0000000-B9CD89 | BUG/MAJOR: http: prevent risk of reading past end with balance url_param |
| TEMP-0000000-1F321D | BUG/MAJOR: http: don't read past buffer's end in http_replace_value |
| CVE-2020-11100 | In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ... |
| CVE-2019-19330 | The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, ... |
| CVE-2019-14241 | HAProxy through 2.0.2 allows attackers to cause a denial of service (h ... |
| CVE-2019-11323 | HAProxy before 1.9.7 mishandles a reload with rotated keys, which trig ... |
| CVE-2018-20615 | An out-of-bounds read issue was discovered in the HTTP/2 protocol deco ... |
| CVE-2018-14645 | A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, ... |
| CVE-2018-11469 | Incorrect caching of responses to requests including an Authorization ... |
| CVE-2018-10184 | An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ... |
| CVE-2016-5360 | HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, all ... |
| CVE-2015-3281 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1. ... |
| CVE-2014-6269 | Multiple integer overflows in the http_request_forward_body function i ... |
| CVE-2013-2175 | HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ... |
| CVE-2013-1912 | Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5- ... |
| CVE-2012-2942 | Buffer overflow in the trash buffer in the header capture functionalit ... |