Vulnerabilities > Zend > Zend Framework > 2.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2020-29312 | Deserialization of Untrusted Data vulnerability in Zend Framework An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. | 9.8 |
| 2019-12-15 | CVE-2014-4913 | Cross-site Scripting vulnerability in multiple products ZF2014-03 has a potential cross site scripting vector in multiple view helpers | 6.1 |
| 2016-12-30 | CVE-2016-10034 | Command Injection vulnerability in Zend Framework The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address. | 9.8 |
| 2016-06-07 | CVE-2015-5723 | Permissions, Privileges, and Access Controls vulnerability in multiple products Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code. | 7.8 |