pkg:PyPI/zope

All known vulnerabilities

• CRITICAL9.1CVE-2024-51734Access control vulnerable to user data deletion by anonynmous users
  from 0, < 5.11.1
• HIGH7.5CVE-2010-3198Zope Denial of Service (DoS) vulnerability in ZServer
  >= 2.10.0, < 2.10.12, >= 2.11.0, < 2.11.7
• HIGH7.5Zope Denial of Service (DoS) vulnerability in ZServer
  >= 2.10.0, < 2.10.12
• HIGH7.5Zope Denial of Service (DoS) vulnerability in ZServer
• HIGH7.5Remote Code Execution via unsafe classes in otherwise permitted modules
  >= 4.0, < 4.3
• HIGH7.5Remote Code Execution via unsafe classes in otherwise permitted modules
  >= 4.0, < 4.6.3
• HIGH7.5Remote Code Execution via unsafe classes in otherwise permitted modules
  from 0, < f72a18dda8e9bf2aedb46168761668464a4be988 | >= 4.0, < 4.6.3, >= 5.0, < 5.3
• HIGH7.5Remote Code Execution via unsafe classes in otherwise permitted modules
  from 0, < b42dd4badf803bb9fb71ac34cd9cb0c249262f2c | >= 5.0, < 5.2, >= 4.0, < 4.3
• MEDIUM6.8Information disclosure in AccessControl
  from 0, < 4.8.9
• MEDIUM6.8Remote Code Execution via traversal in TAL expressions
  from 0, < 1d897910139e2c0b11984fc9b78c1da1365bec21 | >= 5.0, < 5.2.1, >= 4.0, < 4.6.1
• MEDIUM6.8Remote Code Execution via traversal in TAL expressions
  from 0, < 4.6
• MEDIUM6.8Remote Code Execution via traversal in TAL expressions
  from 0, < 4.6.1
• MEDIUM6.8Remote Code Execution via traversal in TAL expressions
  from 0, < 4.6
• MEDIUM6.8Remote Code Execution via traversal in TAL expressions
  from 0, < 1f8456bf1f908ea46012537d52bd7e752a532c91 | from 0, < 4.6, >= 5.0, < 5.2
• MEDIUM6.8Remote Code Execution via traversal in TAL expressions
  >= 5.0, < 5.2.1
• MEDIUM6.1Zope XSS Vulnerability
  >= 3.1.1, < 3.7.3
• LOW3.7Zope vulnerable to Stored Cross Site Scripting with SVG images
  from 0, < 4.8.10
• LOW3.1Zope management interface vulnerable to stored cross site scripting via the title property
  >= 4.0.0, < 4.8.11
• LOW3.1Zope management interface vulnerable to stored cross site scripting via the title property
  from 0, < aeaf2cdc80dff60815e3706af448f086ddc3b98d, < 21dfa78609ffd8b6bd8143805678ebbacae5141a | >= 5.0, < 5.8.6, >= 4.0, < 4.8.11
• —Zope DocumentTemplate package allows unauthenticated write
  from 0, <= 2.2
• —Zope Server vulnerable to DoS via header injection
  >= 2.0.0, < 2.4.4b2
• —zope - arbitrary code execution
  >= 2.4.0, < 2.6.0
• —Zope does not properly verify the access for objects with proxy roles
  >= 2.2.0, < 2.4.4
• —Zope allows attackers to modify raw image and file data
  >= 2.2.0, <= 2.2.4
• —Zope does not properly perform security registration for legacy names
  >= 2.2.0, <= 2.2.4
• —Zope does not properly restrict access to the getRoles method
  from 0, < 2.2.1
• —Zope DTML implementation Improper Authentication
  >= 2.2.0, <= 2.2.4