Latest redhat quay Vulnerabilities

CVE-2023-44487
- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
Microsoft Windows 11=22H2
and 556 more
CVE-2023-4959
Quay: cross-site request forgery (csrf) on config-editor page
Redhat Quay=3.0.0
CVE-2023-4956
Quay: clickjacking on config-editor page severity
Redhat Quay=3.0.0
CVE-2023-3384
Quay: stored cross site scripting
Redhat Quay=3.0.0
CVE-2022-2447
Description of problem: Keystone issues tokens with the default lifespan regardless of the lifespan of the application credentials used to issue them. If the configured lifespan of an identity token i...
OpenStack Keystone
Redhat Openstack=16.1
Redhat Openstack=16.2
Redhat Openstack Platform=16.1
Redhat Openstack Platform=16.2
Redhat Quay=3.0.0
and 1 more
CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary f...
redhat/quay/claircore<0.5.5
redhat/quay/claircore<0.4.8
Redhat Clair>=0.4.6<0.4.8
Redhat Clair>=0.5.3<0.5.5
Redhat Quay=3.5.6
CVE-2022-1227
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image ...
go/github.com/containers/podman/v3<3.4
go/github.com/containers/psgo/internal/proc<1.7.2
go/github.com/containers/psgo<1.7.2
Podman Project Podman<4.0.0
Psgo Project Psgo<1.7.2
Redhat Developer Tools=1.0
and 19 more
CVE-2020-27832
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into perf...
redhat/quay<3.3.2
Redhat Quay>=3.0.0<3.3.2
CVE-2020-27831
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add em...
redhat/Quay<3.3.3
Redhat Quay>=3.0.0<3.3.3
CVE-2020-14313
An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot ...
Redhat Quay<3.3.1
redhat/quay<3.3.1
CVE-2019-3865
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and m...
Redhat Quay=2.0.0
CVE-2020-10735
Python is vulnerable to a denial of service, caused by the failure to limit amount of digits converting text to int by the int() type in PyLong_FromString(). A remote attacker could exploit this vuln...
redhat/python3<0:3.6.8-48.el8_7.1
redhat/python3.9<0:3.9.10-3.el9_0
redhat/rh-python38-python<0:3.8.14-1.el7
Python Python>=3.7.0<3.7.14
Python Python>=3.8.0<3.8.14
Python Python>=3.9.0<3.9.14
and 22 more
CVE-2019-10205
A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able to perform database queries in the Red Hat Quay database could use the tokens to read or write cont...
Redhat Quay=3.0.0
CVE-2019-9517
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constr...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 77 more
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, o...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 72 more
CVE-2019-9511
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data ...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 168 more
CVE-2019-9518
Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-st...
redhat/rh-nodejs10<0:3.2-3.el7
redhat/rh-nodejs10-nodejs<0:10.16.3-3.el7
redhat/rh-nodejs8<0:3.0-5.el7
redhat/rh-nodejs8-nodejs<0:8.16.1-2.el7
redhat/envoy<1.11.1
redhat/Nodejs<8.16.1
and 45 more
CVE-2019-9515
Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the ...
redhat/eap7-apache-cxf<0:3.2.10-1.redhat_00001.1.el6ea
redhat/eap7-byte-buddy<0:1.9.11-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-5.SP3_redhat_00003.1.el6ea
redhat/eap7-hal-console<0:3.0.17-2.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.13-1.Final_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.18-1.Final_redhat_00001.1.el6ea
and 141 more
CVE-2019-9514
A flaw was found in HTTP/2. Using HEADER frames with invalid HTTP headers and queuing of response RST_STREAM frames, an attacker could cause a flood resulting in unbounded memory growth. The highest t...
redhat/go-toolset<1.11-0:1.11.13-1.el7
redhat/go-toolset<1.11-golang-0:1.11.13-2.el7
redhat/containernetworking-plugins<0:0.8.1-4.el7_7
redhat/eap7-apache-cxf<0:3.2.10-1.redhat_00001.1.el6ea
redhat/eap7-byte-buddy<0:1.9.11-1.redhat_00002.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-5.SP3_redhat_00003.1.el6ea
and 221 more
CVE-2019-9513
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the str...
redhat/jbcs-httpd24-httpd<0:2.4.29-41.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-1.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-63.jbcs.el6
redhat/jbcs-httpd24-apr-util<0:1.6.1-48.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-7.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-14.jbcs.el6
and 104 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203