CVE-2019-8953 – pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-8953
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php. El paquete HAProxy, en versiones anteriores a la 0.59_16 para pfSense, tiene Cross-Site Scripting (XSS) mediante los parámetros desc (también conocido como Description) o table_actionsaclN, relacionados con haproxy_listeners.php y haproxy_listeners_edit.php. pfSense version 2.4.4-p1 with HAProxy Package version 0.59_14 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/46538 https://cxsecurity.com/issue/WLB-2019020153 https://github.com/pfsense/FreeBSD-ports/commit/2dded47b3202dfdf89aa96f84bf701b3d5acbe6c https://github.com/pfsense/FreeBSD-ports/commit/3b40366aca55910b224ecf49d3fdacc9ad6c04f5 https://redmine.pfsense.org/issues/9335 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20615 – haproxy: Mishandling of priority flag in short HEADERS frame by HTTP/2 decoder allows for crash
https://notcve.org/view.php?id=CVE-2018-20615
An out-of-bounds read issue was discovered in the HTTP/2 protocol decoder in HAProxy 1.8.x and 1.9.x through 1.9.0 which can result in a crash. The processing of the PRIORITY flag in a HEADERS frame requires 5 extra bytes, and while these bytes are skipped, the total frame length was not re-checked to make sure they were present in the frame. Se ha descubierto un problema de lectura fuera de límites en el decodificador del protocolo HTTP/2 en HAProxy, en versiones 1.8.x y 1.9.x hasta la 1.9.0, lo que puede resultar en un cierre inesperado. El procesamiento del flag PRIORITY en un frame HEADERS requiere 5 bytes adicionales y, aunque se omiten estos bytes, la longitud total del frame no se volvió a comprobar para asegurar que estaban presentes en la trama. A flaw was found in HAProxy, versions before 1.8.17 and 1.9.1. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00018.html http://www.securityfocus.com/bid/106645 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0275 https://usn.ubuntu.com/3858-1 https://www.mail-archive.com/haproxy%40formilux.org/msg32304.html https://access.redhat.com/security/cve/CVE-2018-20615 https://bugzilla.redhat.com/show_bug.cgi?id=1663060 • CWE-125: Out-of-bounds Read •
CVE-2018-20102 – haproxy: Out-of-bounds read in dns.c:dns_validate_dns_response() allows for memory disclosure
https://notcve.org/view.php?id=CVE-2018-20102
An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. Se ha descubierto una lectura fuera de límites en dns_validate_dns_response en dns.c en HAProxy hasta la versión 1.8.14. Debido a la falta de una comprobación al validar respuestas DNS, los atacantes remotos pueden leer los 16 bits que corresponden a un registro AAAA de la parte no inicializada del búfer, pudiendo acceder a cualquier cosa que haya quedado en la pila, o incluso más allá del final del búfer de 8193 bytes, dependiendo del valor de accepted_payload_size. • http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=efbbdf72992cd20458259962346044cafd9331c0 http://www.securityfocus.com/bid/106223 https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:1436 https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html https://usn.ubuntu.com/3858-1 https://access.redhat.com/security/cve/CVE-2018-20102 https://bugzilla.redhat.com/show_bug.cgi?id=1658874 • CWE-125: Out-of-bounds Read •
CVE-2018-20103 – haproxy: Infinite recursion via crafted packet allows stack exhaustion and denial of service
https://notcve.org/view.php?id=CVE-2018-20103
An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. Se ha descubierto un problema en dns.c en HAProxy hasta la versión 1.8.14. En el caso de un puntero comprimido, un paquete manipulado puede desencadenar una recursión infinita haciendo que el puntero se señale a sí mismo o cree una cadena larga de punteros válidos, lo que resulta en el agotamiento de la pila. • http://git.haproxy.org/?p=haproxy.git%3Ba=commit%3Bh=58df5aea0a0c926b2238f65908f5e9f83d1cca25 http://www.securityfocus.com/bid/106280 https://access.redhat.com/errata/RHBA-2019:0326 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:1436 https://lists.debian.org/debian-lts-announce/2022/05/msg00045.html https://usn.ubuntu.com/3858-1 https://access.redhat.com/security/cve/CVE-2018-20103 https://bugzilla.redhat.com/show_bug.cgi?id=1658876 • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-14645 – haproxy: Out-of-bounds read in HPACK decoder
https://notcve.org/view.php?id=CVE-2018-14645
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service. Se ha descubierto un fallo en el descodificador HPACK de HAProxy en versiones anteriores a la 1.8.14 que se utiliza para HTTP/2. Un acceso de lectura fuera de límites en hpack_vallid_idx() resultó en un cierre inesperado remoto y una denegación de servicio (DoS). A flaw was discovered in the HPACK decoder of haproxy, before 1.8.14, that is used for HTTP/2. • https://access.redhat.com/errata/RHBA-2019:0028 https://access.redhat.com/errata/RHSA-2018:2882 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14645 https://usn.ubuntu.com/3780-1 https://www.mail-archive.com/haproxy%40formilux.org/msg31253.html https://access.redhat.com/security/cve/CVE-2018-14645 https://bugzilla.redhat.com/show_bug.cgi?id=1630048 • CWE-125: Out-of-bounds Read •