Known Vulnerabilities for Zend Framework by Zend
Listed below are 10 of the newest known vulnerabilities associated with "Zend Framework" by "Zend".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3007 | ** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that... | 9.8 - CRITICAL | 2021-01-04 | 2023-11-07 |
| CVE-2020-29312 | An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize fun... | 9.8 - CRITICAL | 2023-04-04 | 2023-04-10 |
| CVE-2016-10034 | The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, ... | 9.8 - CRITICAL | 2016-12-30 | 2018-10-21 |
| CVE-2016-6233 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to co... | 9.8 - CRITICAL | 2017-02-17 | 2023-11-07 |
| CVE-2016-4861 | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to co... | 9.8 - CRITICAL | 2017-02-17 | 2023-11-07 |
| CVE-2015-7695 | The PDO adapters in Zend Framework before 1.12.16 do not filter null bytes in SQL statements, which allows remote attackers to... | 9.8 - CRITICAL | 2016-06-07 | 2016-11-28 |
| CVE-2015-7503 | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to ... | 7.5 - HIGH | 2017-10-10 | 2017-11-05 |
| CVE-2015-5723 | Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM... | 7.8 - HIGH | 2016-06-07 | 2023-11-07 |
| CVE-2015-5161 | The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5... | 6.8 - MEDIUM | 2015-08-25 | 2016-12-24 |
| CVE-2015-3154 | CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.... | 6.1 - MEDIUM | 2020-01-27 | 2020-01-30 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Zend | Zend Framework | 3.0.0 | | | |
| Application | Zend | Zend Framework | 2.5.3 | | | |
| Application | Zend | Zend Framework | 2.5.2 | | | |
| Application | Zend | Zend Framework | 2.5.1 | | | |
| Application | Zend | Zend Framework | 2.5.0 | | | |
| Application | Zend | Zend Framework | 2.4.9 | | | |
| Application | Zend | Zend Framework | 2.4.7 | | | |
| Application | Zend | Zend Framework | 2.4.5 | | | |
| Application | Zend | Zend Framework | 2.4.4 | | | |
| Application | Zend | Zend Framework | 2.4.3 | | | |
| Application | Zend | Zend Framework | 2.4.2 | | | |
| Application | Zend | Zend Framework | 2.4.13 | | | |
| Application | Zend | Zend Framework | 2.4.12 | | | |
| Application | Zend | Zend Framework | 2.4.11 | | | |
| Application | Zend | Zend Framework | 2.4.10 | | | |
| Application | Zend | Zend Framework | 2.4.1 | | | |
| Application | Zend | Zend Framework | 2.4.0 | | | |
| Application | Zend | Zend Framework | 2.4.0 | | | |
| Application | Zend | Zend Framework | 2.4.0 | | | |
| Application | Zend | Zend Framework | 2.4.0 | | | |