Filtered by vendor Redhat Subscriptions
Filtered by product Quay Subscriptions
Total 83 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-1227 4 Fedoraproject, Podman Project, Psgo Project and 1 more 19 Fedora, Podman, Psgo and 16 more 2024-11-21 8.8 High
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVE-2021-3762 1 Redhat 2 Clair, Quay 2024-11-21 9.8 Critical
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.
CVE-2021-34552 4 Debian, Fedoraproject, Python and 1 more 5 Debian Linux, Fedora, Pillow and 2 more 2024-11-21 9.8 Critical
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.
CVE-2021-27923 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Enterprise Linux and 1 more 2024-11-21 7.5 High
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large.
CVE-2021-27922 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Enterprise Linux and 1 more 2024-11-21 7.5 High
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large.
CVE-2021-27921 3 Fedoraproject, Python, Redhat 4 Fedora, Pillow, Enterprise Linux and 1 more 2024-11-21 7.5 High
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large.
CVE-2021-27516 2 Redhat, Uri.js Project 2 Quay, Uri.js 2024-11-21 7.5 High
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-27515 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 5.3 Medium
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2021-25293 2 Python, Redhat 3 Pillow, Enterprise Linux, Quay 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c.
CVE-2021-25292 2 Python, Redhat 3 Pillow, Enterprise Linux, Quay 2024-11-21 6.5 Medium
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.
CVE-2021-25291 2 Python, Redhat 2 Pillow, Quay 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries.
CVE-2021-25290 3 Debian, Python, Redhat 4 Debian Linux, Pillow, Enterprise Linux and 1 more 2024-11-21 7.5 High
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size.
CVE-2021-25289 2 Python, Redhat 2 Pillow, Quay 2024-11-21 9.8 Critical
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654.
CVE-2021-23382 2 Postcss, Redhat 4 Postcss, Acm, Openshift and 1 more 2024-11-21 5.3 Medium
The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*).
CVE-2021-23368 2 Postcss, Redhat 4 Postcss, Acm, Openshift and 1 more 2024-11-21 5.3 Medium
The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
CVE-2021-23364 2 Browserslist Project, Redhat 3 Browserslist, Acm, Quay 2024-11-21 5.3 Medium
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-11-21 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-8131 2 Redhat, Yarnpkg 2 Quay, Yarn 2024-11-21 7.5 High
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.
CVE-2020-7608 2 Redhat, Yargs 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more 2024-11-21 5.3 Medium
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
CVE-2020-5313 5 Canonical, Debian, Fedoraproject and 2 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2024-11-21 7.1 High
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.