CVSS: 9.8EPSS: 7%CPEs: 8EXPL: 1CVE-2014-8089 – Debian Security Advisory 3265-1
https://notcve.org/view.php?id=CVE-2014-8089
30 Mar 2015 — SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte. Una vulnerabilidad de inyección SQL en Zend Framework versiones anteriores a 1.12.9, versiones 2.2.x anteriores a 2.2.8 y versiones 2.3.x anteriores a 2.3.3, cuando se usa la extensión PHP sqlsrv, permite a atacantes remotos ejecutar comandos SQL arbitrarios por medio de un byte null. XML eXter... • http://framework.zend.com/security/advisory/ZF2014-06 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 21EXPL: 0CVE-2014-8088 – Mandriva Linux Security Advisory 2014-216
https://notcve.org/view.php?id=CVE-2014-8088
22 Oct 2014 — The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. (1) La clase Zend_Ldap en Zend anterior a 1.12.9 y (2) el componente Zend\Ldap en Zend 2.x anterior a 2.2.8 y 2.3.x anterior a 2.3.3 permite a atacantes remotos evadir la autenticación a través de una contraseña que empiece por un byte nulo, lo que provoca un... • http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141070.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2014-2681 – Mandriva Linux Security Advisory 2014-072
https://notcve.org/view.php?id=CVE-2014-2681
09 Apr 2014 — Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) at... • http://advisories.mageia.org/MGASA-2014-0151.html • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2014-2682 – Mandriva Linux Security Advisory 2014-072
https://notcve.org/view.php?id=CVE-2014-2682
09 Apr 2014 — Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an... • http://advisories.mageia.org/MGASA-2014-0151.html • CWE-19: Data Processing Errors •
CVSS: 9.8EPSS: 3%CPEs: 12EXPL: 0CVE-2014-2683 – Mandriva Linux Security Advisory 2014-072
https://notcve.org/view.php?id=CVE-2014-2683
09 Apr 2014 — Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity... • http://advisories.mageia.org/MGASA-2014-0151.html • CWE-17: DEPRECATED: Code •