Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat quay vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-3865
A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. Attackers are able to use the name field of service key to inject scripts and make it run when admin users try to change the name.
Redhat Quay 2.0.0
5.5
CVSSv3
CVE-2019-3866
An information-exposure vulnerability exists where openstack-mistral's undercloud log files containing clear-text information were made world readable. A malicious system user could exploit this flaw to access sensitive user information.
Redhat Openstack-mistral -
5.4
CVSSv3
CVE-2023-3384
A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an malicious user to pub...
Redhat Quay 3.0.0
5.3
CVSSv3
CVE-2020-1730
A flaw was found in libssh versions prior to 0.8.9 and prior to 0.9.4 in the way it handled AES-CTR (or DES ciphers if enabled) ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closin...
Libssh Libssh
Canonical Ubuntu Linux 18.04
Netapp Cloud Backup -
Redhat Enterprise Linux 8.0
Canonical Ubuntu Linux 19.10
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Oracle Mysql Workbench
4.3
CVSSv3
CVE-2023-4956
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor...
Redhat Quay 3.0.0
4.3
CVSSv3
CVE-2020-27831
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. This flaw allows an malicious user to add email addresses they do not own to repository notifications.
Redhat Quay
4.3
CVSSv3
CVE-2020-14313
An information disclosure vulnerability was found in Red Hat Quay in versions prior to 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace.
Redhat Quay
4.1
CVSSv3
CVE-2019-3867
A vulnerability was found in the Quay web application. Sessions in the Quay web application never expire. An attacker, able to gain access to a session, could use it to control or delete a user's container repository. Red Hat Quay 2 and 3 are vulnerable to this issue.
Redhat Quay 2.0.0
Redhat Quay 3.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4