Vulnerabilities > Plone > Plone > 4.0.8

DATE | CVE | VULNERABILITY TITLE | RISK

2011-12-30 | CVE-2011-4462 | Improper Input Validation vulnerability in Plone
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
network, low complexity, plone, CWE-20, 5.0

2011-10-10 | CVE-2011-4030 | Permissions, Privileges, and Access Controls vulnerability in Plone Cmfeditions and Plone
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
network, plone, CWE-264, critical, 9.3

2011-10-10 | CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
network, plone, zope, critical, 9.3

2011-07-19 | CVE-2011-2528 | Remote Security vulnerability in Zope
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
network, low complexity, plone, zope, 7.5