Filtered by vendor Redhat
Filtered by product Quay
Total: 83 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 19 Fedora, Podman, Psgo and 16 more | 2024-11-21 | 8.8 High |
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | ||||
CVE-2021-3762 | 1 Redhat | 2 Clair, Quay | 2024-11-21 | 9.8 Critical |
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. | ||||
CVE-2021-34552 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Pillow and 2 more | 2024-11-21 | 9.8 Critical |
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | ||||
CVE-2021-27923 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICO container, and thus an attempted memory allocation can be very large. | ||||
CVE-2021-27922 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for an ICNS container, and thus an attempted memory allocation can be very large. | ||||
CVE-2021-27921 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. | ||||
CVE-2021-27516 | 2 Redhat, Uri.js Project | 2 Quay, Uri.js | 2024-11-21 | 7.5 High |
URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
CVE-2021-27515 | 2 Redhat, Url-parse Project | 2 Quay, Url-parse | 2024-11-21 | 5.3 Medium |
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path. | ||||
CVE-2021-25293 | 2 Python, Redhat | 3 Pillow, Enterprise Linux, Quay | 2024-11-21 | 7.5 High |
An issue was discovered in Pillow before 8.1.1. There is an out-of-bounds read in SGIRleDecode.c. | ||||
CVE-2021-25292 | 2 Python, Redhat | 3 Pillow, Enterprise Linux, Quay | 2024-11-21 | 6.5 Medium |
An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | ||||
CVE-2021-25291 | 2 Python, Redhat | 2 Pillow, Quay | 2024-11-21 | 7.5 High |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is an out-of-bounds read in TiffreadRGBATile via invalid tile boundaries. | ||||
CVE-2021-25290 | 3 Debian, Python, Redhat | 4 Debian Linux, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
An issue was discovered in Pillow before 8.1.1. In TiffDecode.c, there is a negative-offset memcpy with an invalid size. | ||||
CVE-2021-25289 | 2 Python, Redhat | 2 Pillow, Quay | 2024-11-21 | 9.8 Critical |
An issue was discovered in Pillow before 8.1.1. TiffDecode has a heap-based buffer overflow when decoding crafted YCbCr files because of certain interpretation conflicts with LibTIFF in RGBA mode. NOTE: this issue exists because of an incomplete fix for CVE-2020-35654. | ||||
CVE-2021-23382 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | ||||
CVE-2021-23368 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | ||||
CVE-2021-23364 | 2 Browserslist Project, Redhat | 3 Browserslist, Acm, Quay | 2024-11-21 | 5.3 Medium |
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | ||||
CVE-2020-8203 | 3 Lodash, Oracle, Redhat | 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more | 2024-11-21 | 7.4 High |
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | ||||
CVE-2020-8131 | 2 Redhat, Yarnpkg | 2 Quay, Yarn | 2024-11-21 | 7.5 High |
Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | ||||
CVE-2020-7608 | 2 Redhat, Yargs | 5 Enterprise Linux, Openshift Container Storage, Quay and 2 more | 2024-11-21 | 5.3 Medium |
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | ||||
CVE-2020-5313 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.1 High |
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow. | ||||