Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-01-21	CVE-2019-3864	Cross-Site Request Forgery (CSRF) vulnerability in Redhat Quay A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. network redhat CWE-352	6.8
2020-01-02	CVE-2019-10205	Insufficiently Protected Credentials vulnerability in Redhat Quay 3.0.0 A flaw was found in the way Red Hat Quay stores robot account tokens in plain text. local low complexity redhat CWE-522	6.3
2019-08-13	CVE-2019-9516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. network low complexity apple apache canonical debian fedoraproject synology opensuse redhat oracle mcafee f5 nodejs CWE-770	6.5