
19 matches found

Veracode
added yesterday | 5 views

Information Exposure

Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...

AI score 5.2 | EPSS 0.00023
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/05/06 3:28 a.m. | 4 views

USN-8230-1 docker.io-app vulnerabilities

It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747) It was discovered that BuildKit, contained...

CVSS 9.8 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2020-25887

Malware in sbrugna...

CVSS 4.1 | AI score 4.4 | EPSS 0.00076
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-17839

Malware in sbrugna...

CVSS 6.1 | AI score 7.8 | EPSS 0.00486
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-14184

Malware in sbrugna...

CVSS 4.3 | AI score 7.1 | EPSS 0.00667
Exploits: 0 | References: 10

SUSE CVE
added 2023/12/06 2:4 a.m. | 2 views

SUSE CVE-2023-47106

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path...

CVSS 6.5 | AI score 7.2 | EPSS 0.00128
Exploits: 1 | References: 3

Veracode
added 2023/12/05 8:20 a.m. | 24 views

Authorization Bypass

github.com/traefik/traefik is vulnerable to Authorization Bypass. This vulnerability arises because Traefik automatically encodes and forwards URL fragments to backend servers, violating protocol standards and potentially bypassing security controls implemented by frontend proxies like NGINX. An...

CVSS 6.5 | AI score 6.7 | EPSS 0.00128
Exploits: 1 | References: 6 | Affected Software: 1

CNNVD
added 2023/12/04 12:0 a.m. | 2 views

Containous Traefik Input Validation Error Vulnerability

Containous Traefik is a reverse proxy and load balancer from US-based Containous. An input validation error vulnerability exists in Traefik v2.10.5 and earlier, v3.0.0-beta4 and earlier, which stems from the fact that when a request with a URL fragment is sent to Traefik, Traefik automatically...

CVSS 6.5 | AI score 7.6 | EPSS 0.00128
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 4:51 a.m. | 2 views

SUSE CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

CVSS 4.3 | AI score 8.5 | EPSS 0.00667
Exploits: 0 | References: 5

Cvelist
added 2021/02/04 4:55 p.m. | 14 views

CVE-2020-4640

Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...

CVSS 3.4 | AI score 4 | EPSS 0.00076
Exploits: 0 | References: 2

NVD
added 2017/10/27 5:29 a.m. | 15 views

CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

CVSS 4.3 | AI score 5.2 | EPSS 0.00667
Exploits: 0 | References: 6

Prion
added 2017/10/27 5:29 a.m. | 24 views

Design/Logic Flaw

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

CVSS 4.3 | AI score 4.8 | EPSS 0.00667
Exploits: 0 | References: 6 | Affected Software: 4

UbuntuCve
added 2017/10/27 5:29 a.m. | 26 views

CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

CVSS 4.3 | AI score 6.8 | EPSS 0.00667
Exploits: 0 | References: 2

OSV
added 2017/10/27 5:29 a.m. | 3 views

UBUNTU-CVE-2017-5075

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

CVSS 4.3 | AI score 6.7 | EPSS 0.00667
Exploits: 0 | References: 3

Debian CVE
added 2017/10/27 5:0 a.m. | 25 views

CVE-2017-5075

Removed by vendor...

CVSS 4.3 | AI score 7.4 | EPSS 0.00667
Exploits: 0

RedHat Linux
added 2017/06/06 7:33 p.m. | 2 views

chromium-browser: information leak in csp reporting

Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page...

CVSS 4.3 | AI score 7.4 | EPSS 0.00667
Exploits: 0 | References: 5

Tenable Nessus
added 2013/07/18 12:0 a.m. | 29 views

FreeBSD : gallery -- multiple vulnerabilities (9b037a0d-ef2c-11e2-b4a0-8c705af55518)

Red Hat Security Response Team reports: Gallery upstream has released 3.0.9 version, correcting two security flaws: Issue 1 - Improper stripping of URL fragments in flowplayer SWF file might lead to replay attacks, a different flaw than CVE-2013-2138. Issue 2 - gallery3: Multiple information...

CVSS 7.5 | AI score 5.3 | EPSS 0.01207
Exploits: 1 | References: 8

Tenable Nessus
added 2013/07/12 12:0 a.m. | 20 views

Fedora 18 : gallery3-3.0.8-1.fc18 (2013-10138)

A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files certain URL...

AI score 5.5
Exploits: 0 | References: 8

Tenable Nessus
added 2013/07/12 12:0 a.m. | 14 views

Fedora 19 : gallery3-3.0.8-1.fc19 (2013-10032)

A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files certain URL...

AI score 5.5
Exploits: 0 | References: 8