Vulnerabilities > Redhat > Quay > 3.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-07 | CVE-2023-4956 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Quay 3.0.0 A flaw was found in Quay. | 4.3 |
| 2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-09-15 | CVE-2023-4959 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Quay 3.0.0 A flaw was found in Quay. | 6.5 |
| 2023-07-24 | CVE-2023-3384 | Cross-site Scripting vulnerability in Redhat Quay 3.0.0 A flaw was found in the Quay registry. | 5.4 |
| 2022-09-09 | CVE-2020-10735 | Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in python. | 7.5 |
| 2022-09-01 | CVE-2022-2447 | Operation on a Resource after Expiration or Release vulnerability in multiple products A flaw was found in Keystone. | 6.6 |
| 2022-04-29 | CVE-2022-1227 | Improper Privilege Management vulnerability in multiple products A privilege escalation flaw was found in Podman. | 8.8 |
| 2021-05-27 | CVE-2020-27832 | Cross-site Scripting vulnerability in Redhat Quay A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when displaying a repository's notification. | 6.0 |
| 2021-05-27 | CVE-2020-27831 | Insufficiently Protected Credentials vulnerability in Redhat Quay A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. | 4.3 |
| 2021-03-18 | CVE-2019-3867 | Insufficient Session Expiration vulnerability in Redhat Quay 2.0.0/3.0.0 A vulnerability was found in the Quay web application. | 4.4 |