Security Advisories - zendframework/zendframework

zendframework/zendframework Security Advisories for 2.2.3 (12)

URL Rewrite vulnerability

Affected version: <2.5.0

Reported by:
FriendsOfPHP/security-advisories
Potential remote code execution in zend-mail via Sendmail adapter

Affected version: >=2.0.0,<2.1.0|>=2.1.0,<2.2.0|>=2.2.0,<2.3.0|>=2.3.0,<2.4.0|>=2.4.0,<2.4.11

Reported by:
FriendsOfPHP/security-advisories
Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

CVE-2015-7503

Affected version: >=2.0.0,<2.4.9

Reported by:
FriendsOfPHP/security-advisories
Potential Information Disclosure and Insufficient Entropy vulnerability in Zend\Captcha\Word

Affected version: >=2.0.0,<2.4.9

Reported by:
FriendsOfPHP/security-advisories
XXE/XEE vector when using ZendXml on multibyte payloads

CVE-2015-5161

Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.99|>=2.3.0,<2.3.8|>=2.4.0,<2.4.6|>=2.5.0,<2.5.1

Reported by:
FriendsOfPHP/security-advisories
Potential SQL injection in PostgreSQL Zend\Db adapter

CVE-2015-0270

Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.10|>=2.3.0,<2.3.5

Reported by:
FriendsOfPHP/security-advisories
Session validation vulnerability

Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.9|>=2.3.0,<2.3.4

Reported by:
FriendsOfPHP/security-advisories
SQL injection vector when manually quoting values for sqlsrv extension, using null byte

CVE-2014-8089

Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.8|>=2.3.0,<2.3.3

Reported by:
FriendsOfPHP/security-advisories
Anonymous authentication in ldap_bind() function of PHP, using null byte

CVE-2014-8088

Affected version: >=2.0.0,<2.0.99|>=2.1.0,<2.1.99|>=2.2.0,<2.2.8|>=2.3.0,<2.3.3

Reported by:
FriendsOfPHP/security-advisories
Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

Affected version: >=2.1.0,<2.1.6|>=2.2.0,<2.2.6

Reported by:
FriendsOfPHP/security-advisories
Potential XSS vector in multiple view helpers

Affected version: >=2.0.0,<2.2.7|>=2.3.0,<2.3.1

Reported by:
FriendsOfPHP/security-advisories
Potential Remote Address Spoofing Vector in Zend\Http\PhpEnvironment\RemoteAddress

Affected version: >=2.2.0,<2.2.5

Reported by:
FriendsOfPHP/security-advisories