Search for packages
| purl | pkg:composer/zendframework/zendframework@2.0.0rc1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6xpr-93ef-27cu
Aliases: CVE-2014-8088 GHSA-f6rc-rh43-h8gr |
Improper Authentication The (1) `Zend_Ldap` class in Zend and (2) `Zend dap` component in Zend allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 9 other vulnerabilities. Affected by 11 other vulnerabilities. |
|
VCID-8fwb-56kb-jubf
Aliases: CVE-2015-7503 GHSA-pm9m-w23q-5967 |
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey Zend\Crypt\PublicKey\Rsa\PublicKey has a call to `openssl_public_encrypt()` which uses PHP's default `$padding` argument, which specifies `OPENSSL_PKCS1_PADDING`, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the Bleichenbacher's chosen-ciphertext attack, which can be used to decrypt arbitrary ciphertexts. Users should upgrade to a fixed version unless there are not using the RSA public key functionality. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-q74z-645k-c7dk
Aliases: CVE-2015-5723 GHSA-pw5c-xqf2-6xc2 |
Security Misconfiguration Vulnerability Doctrine uses `mkdir($cacheDirectory )` to create caches directories. if your application runs with a umask of |
Affected by 5 other vulnerabilities. |
|
VCID-qs6q-pjks-euh4
Aliases: ZF2016-04 |
Remote code execution in zend-mail via Sendmail adapter A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability. |
Affected by 1 other vulnerability. Affected by 3 other vulnerabilities. |
|
VCID-vmut-b2y4-rkcp
Aliases: GMS-2015-48 |
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-wz4g-j8zt-ruff
Aliases: ZF2018-01 |
URL Redirection to Untrusted Site (Open Redirect) URL Rewrite vulnerability. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||