Latest vulnerabilities for "red hat quay" 3.0.0

Red Hat QuayQuay: quay allows successful authentication with trucated version of the password

medium

5.3

EPSS

0.05%

First published (updated )

CVE-2024-9683

Red Hat QuayQuay: unauthorized user may authenticate via oauth application token

high

7.5

EPSS

0.04%

First published (updated )

CVE-2024-5891

Red Hat QuayQuay: cross-site request forgery (csrf) on config-editor page

medium

6.5

First published (updated )

CVE-2023-4959

Red Hat QuayQuay: clickjacking on config-editor page severity

medium

6.5

First published (updated )

CVE-2023-4956

Red Hat QuayQuay: stored cross site scripting

medium

5.4

First published (updated )

CVE-2023-3384

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Red Hat OpenStack PlatformA flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) betwee…

medium

6.6

First published (updated )

CVE-2022-2447

redhat/podmanA privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious…

high

8.8

First published (updated )

CVE-2022-1227

redhat/quayXSS

critical

9

First published (updated )

CVE-2020-27832

redhat/QuayRed Hat Quay doesn't properly protect the authorization token when authorizing email address for rep…

medium

4.3

First published (updated )

CVE-2020-27831

Python 2.7Incorrect Type Cast

high

7.5

First published (updated )

CVE-2020-10735

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Red Hat QuayA flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able…

medium

6.3

First published (updated )

CVE-2019-10205

Red Hat QuaySessions in the Quay web application never expire. An attacker able to gain access to a session coul…

medium

4.4

First published (updated )

CVE-2019-3867

Node.jsSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service

high

7.8

First published (updated )

CVE-2019-9511

redhat/jbcs-httpd24-httpdSome HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service

high

7.5

First published (updated )

CVE-2019-9516

Node.jsSome HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service

high

7.8

First published (updated )

CVE-2019-9517

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Node.jsSome HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

high

7.8

First published (updated )

CVE-2019-9518

Riverbed SteelApp Traffic ManagerSome HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service

high

7.8

First published (updated )

CVE-2019-9515

Riverbed SteelApp Traffic ManagerSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service

high

7.8

First published (updated )

CVE-2019-9514

Node.jsSome HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service

high

7.8

First published (updated )

CVE-2019-9513

Trending

Red Hat QuayQuay: quay allows successful authentication with trucated version of the password

Red Hat QuayQuay: unauthorized user may authenticate via oauth application token

Red Hat QuayQuay: cross-site request forgery (csrf) on config-editor page

Red Hat QuayQuay: clickjacking on config-editor page severity

Red Hat QuayQuay: stored cross site scripting

Never miss a vulnerability like this again

Red Hat OpenStack PlatformA flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) betwee…

redhat/podmanA privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious…

redhat/quayXSS

redhat/QuayRed Hat Quay doesn't properly protect the authorization token when authorizing email address for rep…

Python 2.7Incorrect Type Cast

Never miss a vulnerability like this again

Red Hat QuayA flaw was found in the way Red Hat Quay stores robot account tokens in plain text. An attacker able…

Red Hat QuaySessions in the Quay web application never expire. An attacker able to gain access to a session coul…

Node.jsSome HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service

redhat/jbcs-httpd24-httpdSome HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service

Node.jsSome HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service

Never miss a vulnerability like this again

Node.jsSome HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service

Riverbed SteelApp Traffic ManagerSome HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service

Riverbed SteelApp Traffic ManagerSome HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service

Node.jsSome HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service

Company

Resources

Contact