Quay

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-27	CVE-2020-27831	Insufficiently Protected Credentials vulnerability in Redhat Quay A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when authorizing email addresses for repository email notifications. network low complexity redhat CWE-522	4.3
2021-03-18	CVE-2019-3867	Insufficient Session Expiration vulnerability in Redhat Quay 2.0.0/3.0.0 A vulnerability was found in the Quay web application. local redhat CWE-613	4.4
2020-08-11	CVE-2020-14313	Information Exposure vulnerability in Redhat Quay An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. network low complexity redhat CWE-200	4.0
2020-06-22	CVE-2019-3865	Cross-site Scripting vulnerability in Redhat Quay 2.0.0 A vulnerability was found in quay-2, where a stored XSS vulnerability has been found in the super user function of quay. network low complexity redhat CWE-79	6.1
2020-01-21	CVE-2019-3864	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Quay A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. network redhat CWE-352	6.8
2020-01-02	CVE-2019-10205	Insufficiently Protected Credentials vulnerability in Redhat Quay 3.0.0 A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. local low complexity redhat CWE-522	6.3
2019-08-13	CVE-2019-9518	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee nodejs CWE-770	7.5
2019-08-13	CVE-2019-9517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee netapp nodejs CWE-770	7.5
2019-08-13	CVE-2019-9516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs CWE-770	6.5
2019-08-13	CVE-2019-9515	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. network low complexity apple apache canonical debian synology fedoraproject opensuse redhat oracle mcafee f5 nodejs CWE-770	7.5