Zope@2.2.3 Security Vulnerabilities and Issues — Zope@2.2.3 CVE List

Lucene search

ZopeZope2.2.3

6 matches found

CVE•added 2003/04/02 5:0 a.m.•61 views

CVE-2000-1212

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

5CVSS6.3AI score0.00862EPSS

CVE•added 2003/04/02 5:0 a.m.•47 views

CVE-2000-1211

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

7.5CVSS6.6AI score0.00602EPSS

CVE•added 2003/04/02 5:0 a.m.•42 views

CVE-2002-0170

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

7.5CVSS6.5AI score0.00743EPSS

CVE•added 2008/11/17 6:18 p.m.•38 views

CVE-2008-5102

PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

4CVSS6.3AI score0.11195EPSS

CVE•added 2002/06/25 4:0 a.m.•37 views

CVE-2001-1227

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

7.5CVSS6.6AI score0.00702EPSS

CVE•added 2002/05/03 4:0 a.m.•32 views

CVE-2001-1278

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

7.5CVSS6.6AI score0.00409EPSS