Known Vulnerabilities for products from Zope
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zope".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-44389 | Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store scrip... | 4.8 - MEDIUM | 2023-10-04 | 2024-02-01 |
| CVE-2023-42458 | Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vul... | 5.4 - MEDIUM | 2023-09-21 | 2023-09-25 |
| CVE-2023-41050 | AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlli... | 7.7 - HIGH | 2023-09-06 | 2023-09-13 |
| CVE-2023-41039 | RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allo... | 7.7 - HIGH | 2023-08-30 | 2023-09-05 |
| CVE-2023-37271 | RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input... | 9.9 - CRITICAL | 2023-07-11 | 2023-07-19 |
| CVE-2023-36814 | Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal ... | 7.5 - HIGH | 2023-07-03 | 2023-07-17 |
| CVE-2021-36089 | Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::F... | 7.8 - HIGH | 2021-07-01 | 2021-07-06 |
| CVE-2021-33507 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other p... | 6.1 - MEDIUM | 2021-05-21 | 2021-05-27 |
| CVE-2021-32811 | Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution sec... | 7.2 - HIGH | 2021-08-02 | 2022-12-02 |
| CVE-2021-32807 | The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restri... | 7.2 - HIGH | 2021-07-30 | 2022-12-02 |
| CVE-2021-32674 | Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundati... | 8.8 - HIGH | 2021-06-08 | 2022-01-21 |
| CVE-2021-32633 | Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indi... | 8.8 - HIGH | 2021-05-21 | 2022-04-06 |
| CVE-2021-21360 | Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts... | 5.3 - MEDIUM | 2021-03-09 | 2022-01-01 |
| CVE-2021-21337 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthServic... | 6.1 - MEDIUM | 2021-03-08 | 2022-01-01 |
| CVE-2021-21336 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthServic... | 6.5 - MEDIUM | 2021-03-08 | 2022-06-03 |
| CVE-2015-7293 | Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5... | 8.8 - HIGH | 2017-09-25 | 2017-10-06 |
| CVE-2012-6661 | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator ... | 5 - MEDIUM | 2014-11-03 | 2014-11-05 |
| CVE-2012-5507 | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote atta... | 4.3 - MEDIUM | 2014-09-30 | 2014-10-02 |
| CVE-2012-5489 | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone ... | 6.5 - MEDIUM | 2014-09-30 | 2014-10-02 |
| CVE-2012-5486 | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to ... | 6.4 - MEDIUM | 2014-09-30 | 2023-02-13 |
Known software with vulnerabilities from Zope
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zope | Zope | 2.10.1 |
| Application | Zope | Zope Management Interface | 4.3.7 |
| Application | Zope | Zserver | 1.1 |