Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zope
(Zope)| Repositories | https://github.com/zopefoundation/Zope |
| #Vulnerabilities | 36 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-07-23 | CVE-2002-0687 | The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | Zope | N/A | ||
| 2002-04-22 | CVE-2002-0170 | Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. | Zope | N/A | ||
| 2001-10-10 | CVE-2001-1278 | Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | Zope | N/A | ||
| 2001-10-10 | CVE-2001-1227 | Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. | Zope | N/A | ||
| 2001-08-22 | CVE-2001-0569 | Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. | Zope | N/A | ||
| 2001-08-22 | CVE-2001-0568 | Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. | Zope | N/A | ||
| 2001-08-14 | CVE-2001-0567 | Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. | Zope | N/A | ||
| 2001-03-12 | CVE-2001-0128 | Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | Linux, Debian_linux, Freebsd, Mandrake_linux, Linux, Linux_powertools, Zope | N/A | ||
| 2000-12-18 | CVE-2000-1212 | Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. | Zope | N/A | ||
| 2000-12-16 | CVE-2000-1211 | Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. | Zope | N/A |