Lucene search
K

494 matches found

Github Security Blog
Github Security Blog
added 2022/05/17 12:26 a.m.16 views

Zend Framework Information Disclosure

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key...

7.5CVSS6.8AI score0.01356EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2022/05/17 12:26 a.m.13 views

GHSA-PM9M-W23Q-5967 Zend Framework Information Disclosure

Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key...

7.5CVSS7.3AI score0.01356EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/14 2:19 a.m.28 views

Zend Framework Allows SQL Injection

The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...

9.8CVSS8AI score0.02047EPSS
Exploits1References9Affected Software2
Github Security Blog
Github Security Blog
added 2022/05/14 2:19 a.m.24 views

Zend Framework Allows SQL Injection

The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...

9.8CVSS8AI score0.04124EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2022/05/14 2:19 a.m.27 views

GHSA-XFJQ-W3CW-H5FQ Zend Framework Allows SQL Injection

The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...

9.8CVSS9.7AI score0.04124EPSS
Exploits1References10
OSV
OSV
added 2022/05/14 2:19 a.m.21 views

GHSA-P9HP-3GPV-52W3 Zend Framework Allows SQL Injection

The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...

9.8CVSS9.5AI score0.02047EPSS
Exploits1References9
OSV
OSV
added 2022/05/14 12:56 a.m.30 views

GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS9.5AI score0.02164EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.30 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.4CVSS7AI score0.02611EPSS
Exploits0References8Affected Software10
OSV
OSV
added 2022/05/14 12:56 a.m.19 views

GHSA-43XG-87XW-JPV8 Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.4CVSS9.5AI score0.02611EPSS
Exploits0References7
OSV
OSV
added 2022/05/14 12:56 a.m.21 views

GHSA-5WM2-38Q5-5RXV Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

5CVSS9.2AI score0.02372EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.27 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

6.8CVSS6.9AI score0.02164EPSS
Exploits0References8Affected Software10
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.38 views

Several Zend Products Vulnerable to XXE and XEE attacks

Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...

5CVSS6.7AI score0.02372EPSS
Exploits0References8Affected Software10
OSV
OSV
added 2022/04/28 9:9 p.m.8 views

GHSA-F6P5-76FP-M248 URL Rewrite vulnerability in multiple zendframework components

zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...

7.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/04/28 9:9 p.m.23 views

URL Rewrite vulnerability in multiple zendframework components

zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...

0.7AI score
Exploits0References4Affected Software3
OpenVAS
OpenVAS
added 2021/09/21 12:0 a.m.23 views

ownCloud < 5.0.15, 6.0.x < 6.0.2 Multiple Vulnerabilities

ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...

9.8CVSS7.4AI score0.02462EPSS
Exploits0References2
OSV
OSV
added 2021/04/22 4:10 p.m.59 views

GHSA-M496-X567-F98C Fixes a bug in Zend Framework's Stream HTTP Wrapper

Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...

9.8CVSS9.4AI score0.01203EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2021/04/22 4:10 p.m.263 views

Fixes a bug in Zend Framework's Stream HTTP Wrapper

Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...

9.8CVSS1.6AI score0.75313EPSS
Exploits3References3Affected Software1
OSV
OSV
added 2021/04/21 9:15 p.m.27 views

CVE-2021-21426

Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...

9.8CVSS9.3AI score
Exploits0References1
NVD
NVD
added 2021/04/21 9:15 p.m.30 views

CVE-2021-21426

Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...

9.8CVSS0.01203EPSS
Exploits0References1
Prion
Prion
added 2021/04/21 9:15 p.m.35 views

Deserialization of untrusted data

Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...

7.5CVSS9.3AI score0.75313EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder