
CVSS: 5.0 | EPSS: 0% | CPEs: 65 | EXPL: 1

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).

• http://www.openwall.com/lists/oss-security/2012/11/10/1
• https://bugs.launchpad.net/zope2/+bug/1071067
• https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
• https://plone.org/products/plone-hotfix/releases/20121124
• https://plone.org/products/plone/security/advisories/20121106/24
• CWE-310: Cryptographic Issues

CVSS: 6.5 | EPSS: 0% | CPEs: 109 | EXPL: 0

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

• http://www.openwall.com/lists/oss-security/2012/11/10/1
• https://bugs.launchpad.net/zope2/+bug/1079238
• https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
• https://plone.org/products/plone-hotfix/releases/20121106
• https://plone.org/products/plone/security/advisories/20121106/05
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.0 | EPSS: 3% | CPEs: 162 | EXPL: 1

PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

• https://www.exploit-db.com/exploits/32581
• http://bugs.gentoo.org/show_bug.cgi?id=246411
• http://mail.zope.org/pipermail/zope/2008-August/174025.html
• http://openwall.com/lists/oss-security/2008/11/12/2
• http://www.vupen.com/english/advisories/2008/2418
• http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz
• http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt
• https://bugs.launchpad.net/zope2/+bug/257269
• https://bugs
• CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request.

• http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html
• http://secunia.com/advisories/24017
• http://secunia.com/advisories/24713
• http://secunia.com/advisories/25239
• http://www.debian.org/security/2007/dsa-1275
• http://www.securityfocus.com/bid/23084
• http://www.vupen.com/english/advisories/2007/1041
• http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33187

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

• http://www.debian.org/security/2004/dsa-490
• http://www.iss.net/security_center/static/9610.php
• http://www.redhat.com/support/errata/RHSA-2002-060.html
• http://www.securityfocus.com/bid/5812
• http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert