cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed).
Max CVSS
3.5
Published
2014-03-11
Updated
2014-03-12
EPSS
2.25%
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."
Max CVSS
4.3
Published
2014-03-11
Updated
2014-03-12
EPSS
0.87%
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.
Max CVSS
5.0
Published
2014-09-30
Updated
2014-10-02
EPSS
0.87%
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
Max CVSS
5.0
Published
2014-09-30
Updated
2023-02-13
EPSS
1.28%
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
Max CVSS
5.0
Published
2014-09-30
Updated
2023-02-13
EPSS
2.02%
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.
Max CVSS
5.0
Published
2014-09-30
Updated
2014-10-02
EPSS
0.87%
6 vulnerabilities found