Package impact

python PyPI / zope2

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-5489 | medium | 6.5 | | 12y ago | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to g… | python |
| CVE-2012-5486 | medium | 6.4 | | 8y ago | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. | python |
| CVE-2009-5145 | medium | 6.1 | 6.1 | 4y ago | Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. | python |
| CVE-2012-6661 | medium | 5.0 | | 8y ago | Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via … | python |
| CVE-2012-5507 | medium | 4.3 | | 8y ago | AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… | python |
| CVE-2010-1104 | medium | 4.3 | | 16y ago | Moderate severity vulnerability that affects Zope2 | python |