Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope zope vulnerabilities and exploits
(subscribe to this query)
7.7
CVSSv3
CVE-2023-41039
RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from...
Zope Restrictedpython
7.8
CVSSv3
CVE-2021-36089
Grok 7.6.6 up to and including 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
Zope Grok
5.3
CVSSv3
CVE-2021-21360
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files gener...
Zope Products.genericsetup
7.2
CVSSv3
CVE-2021-32807
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessContro...
Zope Accesscontrol
6.1
CVSSv3
CVE-2021-21337
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the bro...
Zope Products.pluggableauthservice
9.8
CVSSv3
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions before 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been pat...
Zope Sqlalchemyda
6.5
CVSSv3
CVE-2021-21336
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if t...
Zope Products.pluggableauthservice
Plone Plone
NA
CVE-2010-2944
The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote malicious users to gain privileges.
Jens Vagelpohl Zope-ldapuserfolder 2.9-1
NA
CVE-2001-0128
Zope prior to 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
Conectiva Linux 5.0
Conectiva Linux 5.1
Conectiva Linux 6.0
Zope Zope
Redhat Linux Powertools 6.1
Redhat Linux Powertools 6.2
Redhat Linux Powertools 7.0
Conectiva Linux 4.2
Redhat Linux 6.1
Redhat Linux 6.2
Redhat Linux 7.0
Debian Debian Linux 2.2
Freebsd Freebsd 6.2
Mandrakesoft Mandrake Linux 7.1
Mandrakesoft Mandrake Linux 7.2
NA
CVE-2007-5741
Plone 2.5 up to and including 2.5.4 and 3.0 up to and including 3.0.2 allows remote malicious users to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Plone Plone 2.5
Plone Plone 2.5.1
Plone Plone 2.5 Beta1
Plone Plone 3.0
Plone Plone 3.0.1
Plone Plone 3.0.2
Plone Plone 2.5.1 Rc
Plone Plone 2.5.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »