CVSS: 7.5EPSS: 0%CPEs: 56EXPL: 0CVE-2015-3281 – haproxy: information leak in buffer_slow_realign()
https://notcve.org/view.php?id=CVE-2015-3281
06 Jul 2015 — The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request. La función buffer_slow_realign en HAProxy 1.5.x anterior a 1.5.14 y 1.6-dev no realinea correctamente un buffer que es utilizado para datos salientes pendientes, lo que permite a atacantes remotos obtener información sensib... • http://git.haproxy.org/?p=haproxy-1.5.git%3Ba=commit%3Bh=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 1CVE-2014-6269 – haproxy: remote client denial of service vulnerability
https://notcve.org/view.php?id=CVE-2014-6269
24 Sep 2014 — Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read. Múltiples desbordamientos de enteros en la función http_request_forward_body en proto_http.c en HAProxy 1.5-dev23 anterior a 1.5.4 permiten a atacantes remotos causar una denegación de servicio (caída) a través de un flujo grande de datos, lo qu... • http://article.gmane.org/gmane.comp.web.haproxy/17726 • CWE-189: Numeric Errors CWE-400: Uncontrolled Resource Consumption •