zendframework/zendframework Security Advisories for 2.0.0rc1 (16)
-
URL Rewrite vulnerability
Affected version: <2.5.0
Reported by:
FriendsOfPHP/security-advisories -
Potential remote code execution in zend-mail via Sendmail adapter
Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.4.11
Reported by:
FriendsOfPHP/security-advisories -
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey
Affected version: >=2.0.0,<2.4.9
Reported by:
FriendsOfPHP/security-advisories -
Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word
Affected version: >=2.0.0,<2.4.9
Reported by:
FriendsOfPHP/security-advisories -
XXE/XEE vector when using ZendXml on multibyte payloads
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.8|>=2.4.0,<2.4.6|>=2.5.0,<2.5.1
Reported by:
FriendsOfPHP/security-advisories -
Potential CRLF injection attacks in mail and HTTP headers
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.3.0,<2.3.8|>=2.4.0,<2.4.1
Reported by:
FriendsOfPHP/security-advisories -
Potential SQL injection in PostgreSQL Zend\Db adapter
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.10|>=2.3.0,<2.3.5
Reported by:
FriendsOfPHP/security-advisories -
Session validation vulnerability
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.9|>=2.3.0,<2.3.4
Reported by:
FriendsOfPHP/security-advisories -
SQL injection vector when manually quoting values for sqlsrv extension, using null byte
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.8|>=2.3.0,<2.3.3
Reported by:
FriendsOfPHP/security-advisories -
Anonymous authentication in ldap_bind() function of PHP, using null byte
Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.8|>=2.3.0,<2.3.3
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS vector in multiple view helpers
Affected version: >=2.0.0,<2.2.7|>=2.3.0,<2.3.1
Reported by:
FriendsOfPHP/security-advisories -
Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components
Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.4
Reported by:
FriendsOfPHP/security-advisories -
Potential SQL injection due to execution of platform-specific SQL containing interpolations
Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.4
Reported by:
FriendsOfPHP/security-advisories -
Route Parameter Injection Via Query String in Zend\Mvc
Affected version: >=2.0.0,<2.0.8|>=2.1.0,<2.1.4
Reported by:
FriendsOfPHP/security-advisories -
Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components
Affected version: >=2.0.0,<2.0.5
Reported by:
FriendsOfPHP/security-advisories -
Potential XSS Vectors in Multiple Zend Framework 2 Components
Affected version: >=2.0.0,<2.0.1
Reported by:
FriendsOfPHP/security-advisories