15 matches found
EUVD-2021-0189
Malware in sbrugna...
EUVD-2023-0209
Malicious code in bioql PyPI...
(0Day) Zope CMFCore Uncontrolled Resource Consumption Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Zope Application Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the contentFilter class. The issue results from...
CVE-2023-36814
Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...
PYSEC-2023-113
Products.CMFCore are the key framework services for the Zope Content Management Framework CMF. The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...
CVE-2023-36814
Affected product/component: Products.CMFCore (cmf/core for Zope CMF; PortalFolder public method). Vulnerability details: Unchecked input handled with Python’s marshal module can cause an unauthenticated denial of service and crash. The issue is exposed in portal software built on Products.CMFCore...
PT-2023-25705 · Python +3
Name of the Vulnerable Software and Affected Versions: Products.CMFCore versions prior to 3.2 Description: The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in...
Zope Products.CMFCore security vulnerability
Products.CMFCore is a key framework service for the Zope Content Management Framework CMF. A security vulnerability exists in Zope Products.CMFCore versions prior to 3.2, which stems from the presence of unchecked input and could lead to an unauthenticated denial of service and crash...
Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
GHSA-35RG-466W-77H3 Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
CVE-2021-33507
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
Cross site scripting
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
PYSEC-2021-79
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
PYSEC-2021-79
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS...
CVE-2021-33507
CVE-2021-33507 affects Zope CMFCore prior to 2.5.1 and Products.PluggableAuthService prior to 2.6.2, as used in Plone up to 5.2.4 and other products, enabling Reflected XSS. Connected sources confirm the affected components and versions; no exploitation details are provided in the documents. The ...