Skip to main content

Zendopenid

5 CVEs product

Monthly

CVE-2014-2684 MEDIUM This Month

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zendopenid Zend Framework
NVD
CVSS 2.0
6.4
EPSS
0.6%
CVE-2014-2683 PHP MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Zendrest Zend Framework Zendservice Slideshare Zendservice Api +6
NVD
CVSS 2.0
5.0
EPSS
2.6%
CVE-2014-2682 PHP MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

XXE Zendrest Zend Framework Zendservice Slideshare Zendservice Api +6
NVD VulDB
CVSS 2.0
6.8
EPSS
1.8%
CVE-2014-2681 PHP MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Zendrest Zend Framework Zendservice Slideshare +7
NVD
CVSS 2.0
6.4
EPSS
3.0%
CVE-2014-2685 HIGH This Week

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zend Framework Zendopenid
NVD
CVSS 2.0
7.5
EPSS
0.8%
EPSS 1% CVSS 6.4
MEDIUM This Month

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zendopenid Zend Framework
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Zendrest Zend Framework +8
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

XXE Zendrest Zend Framework +8
NVD VulDB
EPSS 3% CVSS 6.4
MEDIUM PATCH This Month

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service XXE Zendrest +9
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zend Framework Zendopenid
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy