Vulnerabilities > Zope > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2023-41050 | Information Exposure vulnerability in Zope Accesscontrol. AccessControl provides a general security framework for use in Zope. | 7.7 |
2023-08-30 | CVE-2023-41039 | Injection vulnerability in Zope Restrictedpython. RestrictedPython is a restricted execution environment for Python to run untrusted code. | 7.7 |
2023-07-03 | CVE-2023-36814 | Allocation of Resources Without Limits or Throttling vulnerability in Zope Products.Cmfcore. Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). | 7.5 |
2021-08-02 | CVE-2021-32811 | Unspecified vulnerability in Zope Accesscontrol and Zope. Zope is an open-source web application server. | 7.2 |
2021-07-30 | CVE-2021-32807 | Unspecified vulnerability in Zope Accesscontrol. The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. | 7.2 |
2011-07-19 | CVE-2011-2528 | Remote Security vulnerability in Zope. Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. | 7.5 |
2009-08-07 | CVE-2009-0669 | Improper Authentication vulnerability in Zope Zodb 3.8/3.8.0. Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol. | 7.5 |
2005-10-27 | CVE-2005-3323 | docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | 7.5 |
2002-07-23 | CVE-2002-0688 | Remote Method vulnerability in Zope 2.4.0/2.5.1. ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. | 7.5 |
2002-04-22 | CVE-2002-0170 | Unspecified vulnerability in Zope. Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. | 7.5 |