Zend Zendopenid vulnerabilities

5 known vulnerabilities affecting zend/zendopenid.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2014-2681MEDIUMCVSS 6.4≤ 2.0.12014-11-16
CVE-2014-2681 [MEDIUM] CVE-2014-2681: Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpen Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary
nvd
CVE-2014-2683MEDIUMCVSS 5.0≤ 2.0.12014-11-16
CVE-2014-2683 [MEDIUM] CVE-2014-2683: Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpen Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial
nvd
CVE-2014-2684MEDIUMCVSS 6.4≤ 2.0.12014-11-16
CVE-2014-2684 [MEDIUM] CWE-264 CVE-2014-2684: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_C The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbi
nvd
CVE-2014-2682MEDIUMCVSS 6.8≤ 2.0.12014-11-16
CVE-2014-2682 [MEDIUM] CVE-2014-2682: Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpen Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly
nvd
CVE-2014-2685HIGHCVSS 7.5≤ 2.0.12014-09-04
CVE-2014-2685 [HIGH] CWE-287 CVE-2014-2685: The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_C The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.
nvd