Filtered by vendor Plone
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7941 | 1 Plone | 1 Plone | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | |||||
| CVE-2021-33509 | 1 Plone | 1 Plone | 2021-05-24 | 8.5 HIGH | 9.9 CRITICAL |
| Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | |||||
| CVE-2020-35190 | 1 Plone | 1 Plone | 2020-12-18 | 10.0 HIGH | 9.8 CRITICAL |
| The official plone Docker images before version of 4.3.18-alpine (Alpine specific) contain a blank password for a root user. System using the plone docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password. | |||||