Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope zope vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-0567
Digital Creations Zope 2.3.2 and previous versions allows a local malicious user to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
Zope Zope 7.1
Zope Zope 7.2
NA
CVE-2000-0483
The DocumentTemplate package in Zope 2.2 and previous versions allows a remote malicious user to modify DTMLDocuments or DTMLMethods without authorization.
Zope Zope 1.10.3
Redhat Linux Powertools 6.1
Zope Zope 2.1.1
Zope Zope 2.1.7
Redhat Linux Powertools 6.2
7.7
CVSSv3
CVE-2023-41050
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Tho...
Zope Accesscontrol
Zope Zope
7.2
CVSSv3
CVE-2021-32811
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and...
Zope Accesscontrol
Zope Zope
NA
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 prior to 2.13.19, as used in Plone prior to 4.3 beta 1, allows remote malicious users to inject arbitrary HTTP headers via a linefeed (LF) character.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
NA
CVE-2012-5507
AccessControl/AuthEncoding.py in Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote malicious users to obtain passwords via vectors involving timing discrepancies in password validation.
Zope Zope 2.10.3
Zope Zope 2.11.3
Zope Zope 2.6.1
Zope Zope 2.7.0
Zope Zope 2.7.7
Zope Zope 2.8.1
Zope Zope 2.9.5
Zope Zope 2.9.7
Zope Zope 2.10.8
Zope Zope 2.11.0
Zope Zope 2.11.1
Zope Zope 2.11.2
Zope Zope 2.8.6
Zope Zope 2.8.8
Zope Zope 2.9.2
Zope Zope 2.9.3
Zope Zope 2.7.3
Zope Zope 2.7.4
Zope Zope 2.7.5
Zope Zope 2.7.6
Zope Zope 2.13.18
Zope Zope 2.5.1
NA
CVE-2005-3323
docutils in Zope 2.6, 2.7 prior to 2.7.8, and 2.8 prior to 2.8.2 allows remote malicious users to include arbitrary files via include directives in RestructuredText functionality.
Zope Zope 2.6
Zope Zope
Debian Debian Linux 3.1
Debian Debian Linux 3.0
4.8
CVSSv3
CVE-2023-44389
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches w...
Zope Zope
5.4
CVSSv3
CVE-2023-42458
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To expl...
Zope Zope
8.8
CVSSv3
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available fo...
Zope Zope
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »