(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
Max CVSS
3.5
EPSS Score
2.25%
Published
2014-03-11
Updated
2014-03-12
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
Max CVSS
4.3
EPSS Score
0.87%
Published
2014-03-11
Updated
2014-03-12
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
Max CVSS
5.0
EPSS Score
0.87%
Published
2014-09-30
Updated
2014-10-02
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
Max CVSS
5.0
EPSS Score
1.28%
Published
2014-09-30
Updated
2023-02-13
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
Max CVSS
5.0
EPSS Score
2.03%
Published
2014-09-30
Updated
2023-02-13
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
Max CVSS
5.0
EPSS Score
0.87%
Published
2014-09-30
Updated
2014-10-02
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Max CVSS
5.0
EPSS Score
1.87%
Published
2011-12-30
Updated
2017-08-29
7 vulnerabilities found