Summary
Detail | |||
---|---|---|---|
Vendor | Zend | First view | 2015-08-25 |
Product | Zend Framework | Last view | 2023-04-04 |
Version | 2.5.1 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:zend:zend_framework |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2023-04-04 | CVE-2020-29312 | An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary code via the unserialize function. |
7.5 | 2017-10-10 | CVE-2015-7503 | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. |
6.8 | 2015-08-25 | CVE-2015-5161 | The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-502 | Deserialization of Untrusted Data |
50% (1) | CWE-320 | Key Management Errors |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Zend Technologies Zend Framework heuristicScan XML external entity injection ... RuleID : 36895 - Type : SERVER-WEBAPP - Revision : 2 |
2016-03-14 | Zend Technologies Zend Framework heuristicScan XML external entity injection ... RuleID : 36894 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO |
2016-07-14 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2016-03c0ed3127.nasl - Type: ACT_GATHER_INFO |
2016-07-14 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2016-8952105d59.nasl - Type: ACT_GATHER_INFO |
2016-06-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-499.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-2e7c06c639.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-6d70a701bf.nasl - Type: ACT_GATHER_INFO |
2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-f1e18131bc.nasl - Type: ACT_GATHER_INFO |
2015-08-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-302.nasl - Type: ACT_GATHER_INFO |
2015-08-28 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2015-13488.nasl - Type: ACT_GATHER_INFO |
2015-08-28 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2015-13529.nasl - Type: ACT_GATHER_INFO |
2015-08-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3340.nasl - Type: ACT_GATHER_INFO |
2015-08-24 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2015-13314.nasl - Type: ACT_GATHER_INFO |