Known Vulnerabilities for products from Zend
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zend".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-27888 json | ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters. | 6.1 - MEDIUM | 2021-03-02 | 2021-03-09 |
| CVE-2021-3007 json | ** DISPUTED ** Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that... | 9.8 - CRITICAL | 2021-01-04 | 2023-11-07 |
| CVE-2020-29312 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-04-04 | 2023-04-10 |
| CVE-2020-8986 json | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, a... | 9.8 - CRITICAL | 2020-03-24 | 2020-03-27 |
| CVE-2020-8985 json | ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | 8.8 - HIGH | 2020-03-24 | 2020-03-27 |
| CVE-2020-8984 json | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. | 7.5 - HIGH | 2020-03-24 | 2020-03-27 |
| CVE-2018-1000841 json | Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in... | 6.1 - MEDIUM | 2018-12-20 | 2019-02-04 |
| CVE-2018-10230 json | Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. | 6.1 - MEDIUM | 2018-04-19 | 2018-05-21 |
| CVE-2016-10034 json | The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, ... | 9.8 - CRITICAL | 2016-12-30 | 2018-10-21 |
| CVE-2016-6233 json | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to co... | 9.8 - CRITICAL | 2017-02-17 | 2023-11-07 |
| CVE-2016-4861 json | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to co... | 9.8 - CRITICAL | 2017-02-17 | 2023-11-07 |
| CVE-2015-7695 json | The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to... | 9.8 - CRITICAL | 2016-06-07 | 2016-11-28 |
| CVE-2015-7503 json | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to ... | 7.5 - HIGH | 2017-10-10 | 2017-11-05 |
| CVE-2015-5723 json | Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM... | 7.8 - HIGH | 2016-06-07 | 2023-11-07 |
| CVE-2015-5161 json | The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5... | 6.8 - MEDIUM | 2015-08-25 | 2016-12-24 |
| CVE-2015-3257 json | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input, which allows remote atta... | 6.1 - MEDIUM | 2017-08-25 | 2017-08-29 |
| CVE-2015-3154 json | CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.... | 6.1 - MEDIUM | 2020-01-27 | 2020-01-30 |
| CVE-2015-1786 json | Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malfo... | 8.8 - HIGH | 2017-06-08 | 2017-06-15 |
| CVE-2015-1555 json | Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid ... | 9.1 - CRITICAL | 2017-08-07 | 2017-08-15 |
| CVE-2015-0270 json | Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | 9.8 - CRITICAL | 2019-10-25 | 2019-10-30 |
Known software with vulnerabilities from Zend
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zend | Diactoros | 1.0.0 |
| Application | Zend | Zend-cache | 2.0.0 |
| Application | Zend | Zend-mail | 2.0.0 |
| Application | Zend | Zendopenid | 2.0.1 |
| Application | Zend | Zendrest | 2.0.1 |
| Application | Zend | Zendservice Amazon | 2.0.2 |
| Application | Zend | Zendservice Api | 1.0.0 |
| Application | Zend | Zendservice Audioscrobbler | 2.0.1 |
| Application | Zend | Zendservice Nirvanix | 2.0.1 |
| Application | Zend | Zendservice Slideshare | 2.0.1 |
| Application | Zend | Zendservice Technorati | 2.0.1 |
| Application | Zend | Zendservice Windowsazure | 2.0.1 |
| Application | Zend | Zendto | 3.10 |
| Application | Zend | Zend Framework | 1.0.0 |
| Application | Zend | Zend Server | 5.1.0 |
| Application | Zend | Zf-apigility-doctrine | 0.1.0 |