| purl | pkg:composer/zendframework/zendframework@2.0.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-4bfz-jkrd-4kfn Aliases: GHSA-fh7r-58q4-6387 | Zendframework URL Rewrite vulnerability | Affected by 3 other vulnerabilities. |
| VCID-6jhj-a5eq-yya4 Aliases: CVE-2015-0270 GHSA-v59p-p692-v382 | | Affected by 14 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 12 other vulnerabilities. |
| VCID-7ers-1ar5-kkf5 Aliases: GHSA-gff2-p6vm-3p8g | ZendFramework potential remote code execution in zend-mail via Sendmail adapter | Affected by 2 other vulnerabilities. |
| VCID-7fuu-w1xh-u3hk Aliases: GHSA-8q77-cv62-jj38 | Zendframework has potential Cross-site Scripting vector in multiple view helpers | Affected by 15 other vulnerabilities. Affected by 17 other vulnerabilities. |
| VCID-8pwu-jv65-yfdk Aliases: CVE-2015-3154 GHSA-5957-5crx-79jx | security update | Affected by 14 other vulnerabilities. Affected by 21 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. Affected by 10 other vulnerabilities. |
| VCID-8qnq-2wjn-5fd2 Aliases: ZF2013-03 | SQL Injection: Potential SQL injection due to execution of platform-specific SQL containing interpolations. | Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
| VCID-b2r1-wafq-jyg6 Aliases: GHSA-xg9w-r469-m455 | ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities | Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
| VCID-b5m8-jc12-1yc3 Aliases: ZF2015-09 | Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`. | Affected by 4 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-bha1-43g9-z7f2 Aliases: CVE-2015-7503 GHSA-pm9m-w23q-5967 | | Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-cpmt-fwxa-67br Aliases: ZF2016-04 | Remote code execution in zend-mail via Sendmail adapter: A malicious user may be able to inject arbitrary parameters to the system Sendmail program. The attack is performed by providing additional quote characters within an address; when unsanitized, they can be interpreted as additional command line arguments, leading to the vulnerability. | Affected by 2 other vulnerabilities. Affected by 3 other vulnerabilities. |
| VCID-gznz-tm3a-nfgz Aliases: ZF2018-01 | URL Redirection to Untrusted Site (Open Redirect): URL Rewrite vulnerability. | Affected by 3 other vulnerabilities. |
| VCID-ha1v-jhhj-xuay Aliases: CVE-2015-5161 GHSA-xp8p-9rq5-4wgv | security update | Affected by 9 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-hdkk-zmnj-dybn Aliases: GHSA-2fhr-8r8r-qp56 | ZendFramework Information Disclosure and Insufficient Entropy vulnerability | Affected by 4 other vulnerabilities. |
| VCID-jw3c-uvru-nbh2 Aliases: CVE-2014-8088 GHSA-f6rc-rh43-h8gr | security update | Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 13 other vulnerabilities. Affected by 15 other vulnerabilities. |
| VCID-k2zx-fhtb-93eq Aliases: ZF2013-01 | Parameter Injection: Route Parameter Injection Via Query String in `Zend\Mvc`. | Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
| VCID-kckc-da9c-47dx Aliases: ZF2014-03 | Cross-site Scripting: Potential XSS vector in multiple view helpers. | Affected by 15 other vulnerabilities. Affected by 17 other vulnerabilities. |
| VCID-n9wy-nszp-muf1 Aliases: GHSA-62f6-h68r-3jpw | Zendframework session validation vulnerability | Affected by 11 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-p2qc-2q9q-tqc9 Aliases: ZF2013-02 | Potential Information Disclosure and Insufficient Entropy vulnerabilities in `Zend\Math\Rand` and `Zend\Validate\Csrf` Components. | Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
| VCID-s7mx-8xh2-w3ca Aliases: GMS-2015-48 | Potential Information Disclosure and Insufficient Entropy in `Zend\Captcha\Word`: Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_random_pseudo_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation. | Affected by 4 other vulnerabilities. Affected by 0 other vulnerabilities. |
| VCID-t9je-wgtj-wufm Aliases: GHSA-jq87-2wxp-8349 | ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc` | Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |
| VCID-thgd-stfh-aqce Aliases: CVE-2015-5723 GHSA-pw5c-xqf2-6xc2 | security update | Affected by 8 other vulnerabilities. |
| VCID-v56d-s5nh-n7c8 Aliases: ZF2015-01 | Session Fixation: Session validation vulnerability. | Affected by 14 other vulnerabilities. Affected by 11 other vulnerabilities. Affected by 13 other vulnerabilities. |
| VCID-wf2d-kqwd-aqdh Aliases: GHSA-x2f4-8wxf-w3vf | ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations | Affected by 17 other vulnerabilities. Affected by 19 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||