Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by Zend Technologies
CVE-2015-3154 (GCVE-0-2015-3154)
Vulnerability from cvelistv5 – Published: 2020-01-27 15:02 – Updated: 2024-08-06 05:39
VLAI
Summary
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
Severity
No CVSS data available.
CWE
- CRLF Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://framework.zend.com/security/advisory/ZF2015-04 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Zend Technologies | Zend Framework |
Affected:
before 1.12.12
Affected: 2.x before 2.3.8 Affected: 2.4.x before 2.4.1 |
Date Public
2015-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.844Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://framework.zend.com/security/advisory/ZF2015-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zend Framework",
"vendor": "Zend Technologies",
"versions": [
{
"status": "affected",
"version": "before 1.12.12"
},
{
"status": "affected",
"version": "2.x before 2.3.8"
},
{
"status": "affected",
"version": "2.4.x before 2.4.1"
}
]
}
],
"datePublic": "2015-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CRLF Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-27T15:02:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://framework.zend.com/security/advisory/ZF2015-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zend Framework",
"version": {
"version_data": [
{
"version_value": "before 1.12.12"
},
{
"version_value": "2.x before 2.3.8"
},
{
"version_value": "2.4.x before 2.4.1"
}
]
}
}
]
},
"vendor_name": "Zend Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CRLF Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://framework.zend.com/security/advisory/ZF2015-04",
"refsource": "CONFIRM",
"url": "http://framework.zend.com/security/advisory/ZF2015-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3154",
"datePublished": "2020-01-27T15:02:12.000Z",
"dateReserved": "2015-04-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:39:31.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4451 (GCVE-0-2012-4451)
Vulnerability from cvelistv5 – Published: 2020-01-03 16:03 – Updated: 2024-08-06 20:35
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) View\Helper\Navigation\Sitemap, or (8) View\Helper\Placeholder\Container\AbstractStandalone, related to Escaper.
Severity
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
| https://bugs.gentoo.org/show_bug.cgi?id=436210 | x_refsource_MISC |
| http://seclists.org/oss-sec/2012/q3/571 | x_refsource_MISC |
| http://seclists.org/oss-sec/2012/q3/573 | x_refsource_MISC |
| http://framework.zend.com/security/advisory/ZF2012-03 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=860738 | x_refsource_MISC |
| https://github.com/zendframework/zf2/commit/27131… | x_refsource_MISC |
| http://www.securityfocus.com/bid/55636 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Zend Technologies | Zend Framework |
Affected:
2.0.x before 2.0.1
|
Date Public
2012-09-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=436210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2012/q3/571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2012/q3/573"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://framework.zend.com/security/advisory/ZF2012-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zend Framework",
"vendor": "Zend Technologies",
"versions": [
{
"status": "affected",
"version": "2.0.x before 2.0.1"
}
]
}
],
"datePublic": "2012-09-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-03T16:03:03.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=436210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/oss-sec/2012/q3/571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/oss-sec/2012/q3/573"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://framework.zend.com/security/advisory/ZF2012-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/55636"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zend Framework",
"version": {
"version_data": [
{
"version_value": "2.0.x before 2.0.1"
}
]
}
}
]
},
"vendor_name": "Zend Technologies"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=436210",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=436210"
},
{
"name": "http://seclists.org/oss-sec/2012/q3/571",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2012/q3/571"
},
{
"name": "http://seclists.org/oss-sec/2012/q3/573",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2012/q3/573"
},
{
"name": "http://framework.zend.com/security/advisory/ZF2012-03",
"refsource": "MISC",
"url": "http://framework.zend.com/security/advisory/ZF2012-03"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=860738",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738"
},
{
"name": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733",
"refsource": "MISC",
"url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733"
},
{
"name": "http://www.securityfocus.com/bid/55636",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/55636"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4451",
"datePublished": "2020-01-03T16:03:03.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}