openid openid - vulnerabilities and exploits
2.7
CVSSv3
CVE-2019-14407
cPanel prior to 78.0.2 reveals internal data to OpenID providers (SEC-415).
Cpanel Cpanel
1 Github repository
NA
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association ...
Zend Zendopenid
Zend Zend Framework
NA
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.10
Drupal Drupal 7.18
Drupal Drupal 7.19
Drupal Drupal 7.13
Drupal Drupal 7.14
Drupal Drupal 7.21
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.12
Drupal Drupal 7.2
Drupal Drupal 7.20
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.23
Drupal Drupal 7.24
Drupal Drupal 6.0
Drupal Drupal 6.11
Drupal Drupal 6.12
Drupal Drupal 6.19
7.5
CVSSv3
CVE-2021-45325
A Server Side Request Forgery (SSRF) vulnerability exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
4.3
CVSSv3
CVE-2019-14408
cPanel prior to 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).
Cpanel Cpanel
7.3
CVSSv3
CVE-2018-20914
In cPanel prior to 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
Cpanel Cpanel
NA
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote malicious users to bypas...
Zend Zend Framework 1.9.7
Zend Zend Framework 1.9.6
Zend Zend Framework 1.9.0
Zend Zend Framework 1.8.1
Zend Zend Framework 1.8.0
Zend Zend Framework 1.7.5
Zend Zend Framework 1.7.4
Zend Zend Framework 1.7.0
Zend Zend Framework 1.6.2
Zend Zend Framework 1.6.1
Zend Zend Framework 1.5.1
Zend Zend Framework 1.5.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.11.7
Zend Zend Framework 1.11.6
Zend Zend Framework 1.9.5
Zend Zend Framework 1.9.4
Zend Zend Framework 1.8.5
Zend Zend Framework 1.7.3
Zend Zend Framework 1.6.0
Zend Zend Framework 1.12.2
Zend Zend Framework 1.11.5
6.1
CVSSv3
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2021-20278
An authentication bypass vulnerability was found in Kiali in versions prior to 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used...
Kiali Kiali
5.3
CVSSv3
CVE-2020-5300
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique ide...
Ory Hydra