Search CVE reports


1 – 10 of 22 results


CVE-2014-8089

Medium priority
Vulnerable

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

2 affected packages

zend-framework, zendframework

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| zend-framework | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zendframework | Not in release | Not in release | Not in release | Not affected | Not in release |

CVE-2015-3154

Medium priority
Vulnerable

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks...

2 affected packages

zend-framework, zendframework

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| zend-framework | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zendframework | Not in release | Not in release | Not in release | Not affected | Not in release |

CVE-2012-4451

Medium priority
Vulnerable

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub,...

2 affected packages

zend-framework, zendframework

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| zend-framework | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zendframework | Not in release | Not in release | Not in release | Not affected | Not in release |

CVE-2014-4913

Medium priority
Ignored

ZF2014-03 has a potential cross-site scripting vector in multiple view helpers.

1 affected package

zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zendframework

CVE-2011-1939

Low priority
Ignored

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction with PDO_MySql in PHP before 5.3.6.

1 affected package

zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zendframework

CVE-2015-0270

Medium priority
Ignored

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has a potential SQL injection in the PostgreSQL Zend\Db adapter.

2 affected packages

php-zend-db, zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
php-zend-db
zendframework

CVE-2014-4914

Medium priority
Ignored

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

1 affected package

zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zendframework

CVE-2015-1555

Medium priority
Ignored

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9 and 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.

2 affected packages

zend-framework, zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zend-framework Not in release Not affected
zendframework Not affected Not in release

CVE-2015-1786

Medium priority
Ignored

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers.

1 affected package

zendframework

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
zendframework

CVE-2016-4861

Medium priority
Vulnerable

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.

2 affected packages

zend-framework, zendframework

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| zend-framework | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| zendframework | Not in release | Not in release | Not in release | Not affected | Not in release |