Filtered by vendor Redhat Subscriptions
Filtered by product Quay Subscriptions
Total 83 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-27515 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 5.3 Medium
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-25293 2 Python, Redhat 3 Pillow, Enterprise Linux, Quay 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVE-2021-25292 2 Python, Redhat 3 Pillow, Enterprise Linux, Quay 2024-11-21 6.5 Medium
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVE-2021-25291 2 Python, Redhat 2 Pillow, Quay 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
CVE-2021-25290 3 Debian, Python, Redhat 4 Debian Linux, Pillow, Enterprise Linux and 1 more 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25289 2 Python, Redhat 2 Pillow, Quay 2024-11-21 9.8 Critical
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
CVE-2021-23382 2 Postcss, Redhat 4 Postcss, Acm, Openshift and 1 more 2024-11-21 5.3 Medium
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
CVE-2021-23368 2 Postcss, Redhat 4 Postcss, Acm, Openshift and 1 more 2024-11-21 5.3 Medium
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
CVE-2021-23364 2 Browserslist Project, Redhat 3 Browserslist, Acm, Quay 2024-11-21 5.3 Medium
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-11-21 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-8131 2 Redhat, Yarnpkg 2 Quay, Yarn 2024-11-21 7.5 High
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
CVE-2020-7608 2 Redhat, Yargs 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more 2024-11-21 5.3 Medium
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
CVE-2020-5313 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 7.1 High
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
CVE-2020-5312 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 9.8 Critical
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
CVE-2020-5311 5 Canonical, Debian, Fedoraproject and 2 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2024-11-21 9.8 Critical
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
CVE-2020-5310 4 Canonical, Fedoraproject, Python and 1 more 4 Ubuntu Linux, Fedora, Pillow and 1 more 2024-11-21 8.8 High
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
CVE-2020-35654 3 Fedoraproject, Python, Redhat 3 Fedora, Pillow, Quay 2024-11-21 8.8 High
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode.
CVE-2020-35653 4 Debian, Fedoraproject, Python and 1 more 5 Debian Linux, Fedora, Pillow and 2 more 2024-11-21 7.1 High
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations.
CVE-2020-27832 1 Redhat 1 Quay 2024-11-21 9.0 Critical
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-27831 1 Redhat 1 Quay 2024-11-21 4.3 Medium
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications.