CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2014-2683 – Mandriva Linux Security Advisory 2014-072
https://notcve.org/view.php?id=CVE-2014-2683
09 Apr 2014 — Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity... • http://advisories.mageia.org/MGASA-2014-0151.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2014-2681 – Mandriva Linux Security Advisory 2014-072
https://notcve.org/view.php?id=CVE-2014-2681
09 Apr 2014 — Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) at... • http://advisories.mageia.org/MGASA-2014-0151.html • CWE-19: Data Processing Errors •