Search CVE reports
1 – 7 of 7 results
CVE-2011-4924
Medium priority
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web...
5 affected packages
zope2.10, zope2.11, zope2.12, zope2.9, zope3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zope2.10 | — | — | — | — | — |
zope2.11 | — | — | — | — | — |
zope2.12 | — | — | — | — | — |
zope2.9 | — | — | — | — | — |
zope3 | — | — | — | — | — |
CVE-2010-3198
Medium priority
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.
2 affected packages
zope2.10, zope2.11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zope2.10 | — | — | — | — | — |
zope2.11 | — | — | — | — | — |
CVE-2010-1104
Medium priority
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via...
4 affected packages
zope2.10, zope2.11, zope2.8, zope2.9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zope2.10 | — | — | — | — | — |
zope2.11 | — | — | — | — | — |
zope2.8 | — | — | — | — | — |
zope2.9 | — | — | — | — | — |
CVE-2009-0669
Medium priority
Some fixes available 6 of 16
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
6 affected packages
zodb, zope2.10, zope2.11, zope2.8, zope2.9, zope3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zodb | — | — | — | — | — |
zope2.10 | — | — | — | — | — |
zope2.11 | — | — | — | — | — |
zope2.8 | — | — | — | — | — |
zope2.9 | — | — | — | — | — |
zope3 | — | — | — | — | — |
CVE-2009-0668
Medium priority
Some fixes available 6 of 16
Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO...
6 affected packages
zodb, zope2.10, zope2.11, zope2.8, zope2.9, zope3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zodb | — | — | — | — | — |
zope2.10 | — | — | — | — | — |
zope2.11 | — | — | — | — | — |
zope2.8 | — | — | — | — | — |
zope2.9 | — | — | — | — | — |
zope3 | — | — | — | — | — |
CVE-2008-5102
Medium priority
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
1 affected package
zope2.10
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zope2.10 | — | — | — | — | — |
CVE-2006-3458
Unknown priority
Some fixes available 2 of 3
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to...
2 affected packages
zope2.10, zope2.9
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
zope2.10 | — | — | — | — | — |
zope2.9 | — | — | — | — | — |