Filtered by vendor Redhat
Subscriptions
Filtered by product Quay
Subscriptions
Total
83 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-27515 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 5.3 Medium |
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
CVE-2021-25293 | 2 Python, Redhat | 3 Pillow, Enterprise Linux, Quay | 2024-11-21 | 7.5 High |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | ||||
CVE-2021-25292 | 2 Python, Redhat | 3 Pillow, Enterprise Linux, Quay | 2024-11-21 | 6.5 Medium |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | ||||
CVE-2021-25291 | 2 Python, Redhat | 2 Pillow, Quay | 2024-11-21 | 7.5 High |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | ||||
CVE-2021-25290 | 3 Debian, Python, Redhat | 4 Debian Linux, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | ||||
CVE-2021-25289 | 2 Python, Redhat | 2 Pillow, Quay | 2024-11-21 | 9.8 Critical |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | ||||
CVE-2021-23382 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | ||||
CVE-2021-23368 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | ||||
CVE-2021-23364 | 2 Browserslist Project, Redhat | 3 Browserslist, Acm, Quay | 2024-11-21 | 5.3 Medium |
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | ||||
CVE-2020-8203 | 3 Lodash, Oracle, Redhat | 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more | 2024-11-21 | 7.4 High |
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | ||||
CVE-2020-8131 | 2 Redhat, Yarnpkg | 2 Quay, Yarn | 2024-11-21 | 7.5 High |
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | ||||
CVE-2020-7608 | 2 Redhat, Yargs | 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more | 2024-11-21 | 5.3 Medium |
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | ||||
CVE-2020-5313 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.1 High |
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | ||||
CVE-2020-5312 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 9.8 Critical |
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | ||||
CVE-2020-5311 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 9.8 Critical |
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | ||||
CVE-2020-5310 | 4 Canonical, Fedoraproject, Python and 1 more | 4 Ubuntu Linux, Fedora, Pillow and 1 more | 2024-11-21 | 8.8 High |
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc. | ||||
CVE-2020-35654 | 3 Fedoraproject, Python, Redhat | 3 Fedora, Pillow, Quay | 2024-11-21 | 8.8 High |
In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. | ||||
CVE-2020-35653 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Pillow and 2 more | 2024-11-21 | 7.1 High |
In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | ||||
CVE-2020-27832 | 1 Redhat | 1 Quay | 2024-11-21 | 9.0 Critical |
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. This flaw allows an attacker to trick a user into performing a malicious action to impersonate the target user. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
CVE-2020-27831 | 1 Redhat | 1 Quay | 2024-11-21 | 4.3 Medium |
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an attacker to add email addresses they do not own to repository notifications. |