Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2021-21337
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the bro...
Zope Products.pluggableauthservice
605
VMScore
CVE-2021-36089
Grok 7.6.6 up to and including 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
Zope Grok
NA
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions before 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been pat...
Zope Sqlalchemyda
578
VMScore
CVE-2021-32807
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessContro...
Zope Accesscontrol
NA
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from...
Zope Restrictedpython
NA
CVE-2023-36814
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. Th...
Zope Products.cmfcore
356
VMScore
CVE-2021-21336
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if t...
Zope Products.pluggableauthservice
Plone Plone
668
VMScore
CVE-2010-2944
The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote malicious users to gain privileges.
Jens Vagelpohl Zope-ldapuserfolder 2.9-1
641
VMScore
CVE-2001-0128
Zope prior to 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
Conectiva Linux 5.0
Conectiva Linux 5.1
Conectiva Linux 6.0
Zope Zope
Redhat Linux Powertools 6.1
Redhat Linux Powertools 6.2
Redhat Linux Powertools 7.0
Conectiva Linux 4.2
Redhat Linux 6.1
Redhat Linux 6.2
Redhat Linux 7.0
Debian Debian Linux 2.2
Freebsd Freebsd 6.2
Mandrakesoft Mandrake Linux 7.1
Mandrakesoft Mandrake Linux 7.2
668
VMScore
CVE-2007-5741
Plone 2.5 up to and including 2.5.4 and 3.0 up to and including 3.0.2 allows remote malicious users to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Plone Plone 2.5
Plone Plone 2.5.1
Plone Plone 2.5 Beta1
Plone Plone 3.0
Plone Plone 3.0.1
Plone Plone 3.0.2
Plone Plone 2.5.1 Rc
Plone Plone 2.5.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »