Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zendrest
(Zend)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2014-11-16 | CVE-2014-2683 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration,... | Zend_framework, Zendopenid, Zendrest, Zendservice_amazon, Zendservice_api, Zendservice_audioscrobbler, Zendservice_nirvanix, Zendservice_slideshare, Zendservice_technorati, Zendservice_windowsazure | N/A | ||
2014-11-16 | CVE-2014-2682 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity... | Zend_framework, Zendopenid, Zendrest, Zendservice_amazon, Zendservice_api, Zendservice_audioscrobbler, Zendservice_nirvanix, Zendservice_slideshare, Zendservice_technorati, Zendservice_windowsazure | N/A | ||
2014-11-16 | CVE-2014-2681 | Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External... | Zend_framework, Zendopenid, Zendrest, Zendservice_amazon, Zendservice_api, Zendservice_audioscrobbler, Zendservice_nirvanix, Zendservice_slideshare, Zendservice_technorati, Zendservice_windowsazure | N/A |