Vulnerabilities > Zope > High

DATE | CVE | VULNERABILITY TITLE | RISK

2023-09-06 | CVE-2023-41050 | Information Exposure vulnerability in Zope AccessControl | 7.7
AccessControl provides a general security framework for use in Zope.
network, low complexity, zope, CWE-200

2023-08-30 | CVE-2023-41039 | Injection vulnerability in Zope RestrictedPython | 7.7
RestrictedPython is a restricted execution environment for Python to run untrusted code.
network, low complexity, zope, CWE-74

2023-07-03 | CVE-2023-36814 | Allocation of Resources Without Limits or Throttling vulnerability in Zope Products.CMFCore | 7.5
Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF).
network, low complexity, zope, CWE-770

2021-08-02 | CVE-2021-32811 | Unspecified vulnerability in Zope AccessControl and Zope | 7.2
Zope is an open-source web application server.
network, low complexity, zope

2021-07-30 | CVE-2021-32807 | Unspecified vulnerability in Zope AccessControl | 7.2
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications.
network, low complexity, zope

2011-07-19 | CVE-2011-2528 | Remote Security vulnerability in Zope | 7.5
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
network, low complexity, plone, zope

2009-08-07 | CVE-2009-0669 | Improper Authentication vulnerability in Zope ZODB 3.8/3.8.0 | 7.5
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
network, low complexity, zope, CWE-287

2005-10-27 | CVE-2005-3323 | docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. | 7.5
network, low complexity, zope, debian

2002-07-23 | CVE-2002-0688 | Remote Method vulnerability in Zope 2.4.0/2.5.1 | 7.5
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
network, low complexity, zope

2002-04-22 | CVE-2002-0170 | Unspecified vulnerability in Zope | 7.5
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
network, low complexity, zope