Vulmon
zope vulnerabilities and exploits
7.8
CVSSv3
CVE-2021-36089
Grok 7.6.6 up to and including 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
Zope Grok
9.8
CVSSv3
CVE-2024-24811
SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions before 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been pat...
Zope Sqlalchemyda
5.3
CVSSv3
CVE-2021-21360
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability - anonymous visitors may view log and snapshot files gener...
Zope Products.genericsetup
6.1
CVSSv3
CVE-2021-21337
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the bro...
Zope Products.pluggableauthservice
7.2
CVSSv3
CVE-2021-32807
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessContro...
Zope Accesscontrol
7.5
CVSSv3
CVE-2023-36814
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. Th...
Zope Products.cmfcore
6.5
CVSSv3
CVE-2021-21336
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if t...
Zope Products.pluggableauthservice
Plone Plone
NA
CVE-2010-2944
The authenticate function in LDAPUserFolder/LDAPUserFolder.py in zope-ldapuserfolder 2.9-1 does not verify the password for the emergency account, which allows remote malicious users to gain privileges.
Jens Vagelpohl Zope-ldapuserfolder 2.9-1
NA
CVE-2001-0128
Zope prior to 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
Zope Zope
Conectiva Linux 4.2
Conectiva Linux 6.0
Conectiva Linux 5.1
Redhat Linux Powertools 6.1
Redhat Linux Powertools 7.0
Conectiva Linux 5.0
Redhat Linux Powertools 6.2
Mandrakesoft Mandrake Linux 7.2
Debian Debian Linux 2.2
Redhat Linux 7.0
Redhat Linux 6.1
Redhat Linux 6.2
Mandrakesoft Mandrake Linux 7.1
Freebsd Freebsd 6.2
8.8
CVSSv3
CVE-2015-7293
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and previous versions, and Plone prior to 5.x.
Plone Plone 3.3
Plone Plone 4.3.3
Plone Plone 4.3.11
Plone Plone 4.0.5
Plone Plone 4.3.6
Plone Plone 4.2.3
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 4.3.5
Plone Plone 4.3.10
Plone Plone 4.3
Plone Plone 4.2.2
Plone Plone 4.0.8
Plone Plone 3.3.4
Plone Plone 4.0.7
Plone Plone 3.3.2
Plone Plone 4.2.7
Plone Plone 4.2.5
Plone Plone 4.1.6
Plone Plone 4.0.4
Plone Plone 4.3.4
Plone Plone 4.0.9
1 EDB exploit