Known Vulnerabilities for products from Zope
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zope".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-36089 | Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::F... | 7.8 - HIGH | 2021-07-01 | 2021-07-06 |
| CVE-2021-33507 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other p... | 6.1 - MEDIUM | 2021-05-21 | 2021-05-27 |
| CVE-2021-32811 | Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution sec... | 7.2 - HIGH | 2021-08-02 | 2022-12-02 |
| CVE-2021-32807 | The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restri... | 7.2 - HIGH | 2021-07-30 | 2022-12-02 |
| CVE-2021-32674 | Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundati... | 8.8 - HIGH | 2021-06-08 | 2022-01-21 |
| CVE-2021-32633 | Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indi... | 8.8 - HIGH | 2021-05-21 | 2022-04-06 |
| CVE-2021-21360 | Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts... | 5.3 - MEDIUM | 2021-03-09 | 2022-01-01 |
| CVE-2021-21337 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthServic... | 6.1 - MEDIUM | 2021-03-08 | 2022-01-01 |
| CVE-2021-21336 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthServic... | 6.5 - MEDIUM | 2021-03-08 | 2022-06-03 |
| CVE-2015-7293 | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5... | 8.8 - HIGH | 2017-09-25 | 2017-10-06 |
| CVE-2012-6661 | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator ... | 5 - MEDIUM | 2014-11-03 | 2014-11-05 |
| CVE-2012-5507 | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote atta... | 4.3 - MEDIUM | 2014-09-30 | 2014-10-02 |
| CVE-2012-5489 | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone ... | 6.5 - MEDIUM | 2014-09-30 | 2014-10-02 |
| CVE-2012-5486 | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to ... | 6.4 - MEDIUM | 2014-09-30 | 2023-02-13 |
| CVE-2011-4924 | Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x befo... | 6.1 - MEDIUM | 2019-11-25 | 2019-12-05 |
| CVE-2011-3587 | Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows... | 9.3 - HIGH | 2011-10-10 | 2011-10-21 |
| CVE-2011-2528 | Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products... | 7.5 - HIGH | 2011-07-19 | 2011-07-25 |
| CVE-2010-3495 | Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial... | 4.3 - MEDIUM | 2010-10-19 | 2011-01-22 |
| CVE-2010-3198 | ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of... | 4.3 - MEDIUM | 2010-09-08 | 2010-09-10 |
| CVE-2010-1104 | Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x befo... | 4.3 - MEDIUM | 2010-03-25 | 2017-08-17 |
Known software with vulnerabilities from Zope
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zope | Zope | 2.5.1 |
| Application | Zope | Zope Management Interface | 4.3.7 |
| Application | Zope | Zserver | 1.1 |