| purl | pkg:composer/zendframework/zendframework1@1.12.6 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6duj-8u32-wyf8 Aliases: CVE-2014-8089 GHSA-qh9w-r7g5-q939 | security update | Affected by 16 other vulnerabilities. |
| VCID-6yzr-h81y-jbda Aliases: GMS-2015-49 | Potential Information Disclosure and Insufficient Entropy in `Zend\Captcha\Word`. Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_random_pseudo_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation. | Affected by 7 other vulnerabilities. |
| VCID-8pwu-jv65-yfdk Aliases: CVE-2015-3154 GHSA-5957-5crx-79jx | security update | Affected by 15 other vulnerabilities. |
| VCID-b5m8-jc12-1yc3 Aliases: ZF2015-09 | Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`. | Affected by 7 other vulnerabilities. |
| VCID-dx2w-e51v-6ya7 Aliases: GHSA-v42g-7q2x-cw32 | Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite) | Affected by 10 other vulnerabilities. |
| VCID-ejyv-74a2-xkbd Aliases: GHSA-2x36-qhx3-7m5f | ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select | Affected by 18 other vulnerabilities. |
| VCID-ha1v-jhhj-xuay Aliases: CVE-2015-5161 GHSA-xp8p-9rq5-4wgv | security update | Affected by 14 other vulnerabilities. |
| VCID-jetd-1p57-hyh6 Aliases: GHSA-848f-mph5-9pm9 | Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability | Affected by 7 other vulnerabilities. |
| VCID-jw3c-uvru-nbh2 Aliases: CVE-2014-8088 GHSA-f6rc-rh43-h8gr | security update | Affected by 16 other vulnerabilities. |
| VCID-mu4w-1m4s-fqgb Aliases: CVE-2016-6233 GHSA-p9hp-3gpv-52w3 | Multiple vulnerabilities have been found in Zend Framework, the worst of which could allow attackers to remotely execute arbitrary commands. | Affected by 2 other vulnerabilities. |
| VCID-nzjh-hsdn-73hr Aliases: CVE-2015-7695 GHSA-2hvh-c5c2-vj85 | security update | Affected by 10 other vulnerabilities. |
| VCID-pvs6-aj43-xue8 Aliases: ZF2014-04 | SQL Injection: Potential SQL injection in the ORDER implementation of `Zend_Db_Select`. | Affected by 18 other vulnerabilities. |
| VCID-qx35-s89y-aufb Aliases: ZF2016-11 | Potential Insufficient Entropy: There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library. | Affected by 4 other vulnerabilities. |
| VCID-rbf7-4u42-yyhq Aliases: ZF2016-01 | Potential Insufficient Entropy Vulnerability in ZF1. | Affected by 4 other vulnerabilities. |
| VCID-rnn1-91rc-ebcf Aliases: ZF2016-03 | Potential SQL injection in ORDER and GROUP functions: The implementation of ORDER BY and GROUP BY in `Zend_Db_Select` is prone to SQL injection when a combination of SQL expressions and comments are used. | Affected by 0 other vulnerabilities. |
| VCID-s5ss-4mta-wkd5 Aliases: ZF2015-08 | SQL Injection: Potential SQL injection vector using null byte for PDO (MsSql, SQLite). | Affected by 10 other vulnerabilities. |
| VCID-scar-8fh6-pkbz Aliases: GHSA-6fqw-j3vm-7f66 | Zendframework1 Potential SQL injection in ORDER and GROUP functions | Affected by 0 other vulnerabilities. |
| VCID-thgd-stfh-aqce Aliases: CVE-2015-5723 GHSA-pw5c-xqf2-6xc2 | security update | Affected by 10 other vulnerabilities. |
| VCID-ts3t-ua4s-nkbp Aliases: ZF2016-02 | Potential SQL injection: The implementation of `ORDER BY` and `GROUP BY` in `Zend_Db_Select` of ZF1 is vulnerable to the following SQL injection. | Affected by 2 other vulnerabilities. |
| VCID-xmv1-fye4-buey Aliases: GHSA-8xhv-gqm4-3w99 | ZendFramework1 Potential Insufficient Entropy Vulnerability | Affected by 4 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||