This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Zend | First view | 2015-08-25 |
| Product | Zend Framework | Last view | 2023-04-04 |
| Version | 2.5.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:zend:zend_framework | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2023-04-04 | CVE-2020-29312 | An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. |
| 7.5 | 2017-10-10 | CVE-2015-7503 | Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key. |
| 6.8 | 2015-08-25 | CVE-2015-5161 | The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-502 | Deserialization of Untrusted Data |
| 50% (1) | CWE-320 | Key Management Errors |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-03-14 | Zend Technologies Zend Framework heuristicScan XML external entity injection ... RuleID : 36895 - Type : SERVER-WEBAPP - Revision : 2 |
| 2016-03-14 | Zend Technologies Zend Framework heuristicScan XML external entity injection ... RuleID : 36894 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-08-29 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-1638-1.nasl - Type: ACT_GATHER_INFO |
| 2016-07-14 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2016-03c0ed3127.nasl - Type: ACT_GATHER_INFO |
| 2016-07-14 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2016-8952105d59.nasl - Type: ACT_GATHER_INFO |
| 2016-06-01 | Name: The remote Debian host is missing a security update. File: debian_DLA-499.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-2e7c06c639.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-6d70a701bf.nasl - Type: ACT_GATHER_INFO |
| 2016-03-04 | Name: The remote Fedora host is missing a security update. File: fedora_2015-f1e18131bc.nasl - Type: ACT_GATHER_INFO |
| 2015-08-28 | Name: The remote Debian host is missing a security update. File: debian_DLA-302.nasl - Type: ACT_GATHER_INFO |
| 2015-08-28 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2015-13488.nasl - Type: ACT_GATHER_INFO |
| 2015-08-28 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2015-13529.nasl - Type: ACT_GATHER_INFO |
| 2015-08-24 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3340.nasl - Type: ACT_GATHER_INFO |
| 2015-08-24 | Name: The remote Fedora host is missing one or more security updates. File: fedora_2015-13314.nasl - Type: ACT_GATHER_INFO |
