openid openid - vulnerabilities and exploits
NA
CVE-2024-25128
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows a malicious user to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability co...
2.7
CVSSv3
CVE-2019-14407
cPanel prior to 78.0.2 reveals internal data to OpenID providers (SEC-415).
Cpanel Cpanel
1 Github repository
NA
CVE-2014-2684
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association ...
Zend Zendopenid
Zend Zend Framework
NA
CVE-2014-1475
The OpenID module in Drupal 6.x prior to 6.30 and 7.x prior to 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
Drupal Drupal 7.0
Drupal Drupal 7.16
Drupal Drupal 7.21
Drupal Drupal 7.18
Drupal Drupal 7.15
Drupal Drupal 7.17
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.10
Drupal Drupal 7.12
Drupal Drupal 7.22
Drupal Drupal 7.11
Drupal Drupal 7.19
Drupal Drupal 7.24
Drupal Drupal 7.14
Drupal Drupal 7.23
Drupal Drupal 7.1
Drupal Drupal 7.2
Drupal Drupal 6.0
Drupal Drupal 6.2
Drupal Drupal 6.14
Drupal Drupal 6.24
4.3
CVSSv3
CVE-2019-14408
cPanel prior to 78.0.2 allows a demo account to link with an OpenID provider (SEC-460).
Cpanel Cpanel
7.5
CVSSv3
CVE-2021-45325
A Server Side Request Forgery (SSRF) vulnerability exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
7.3
CVSSv3
CVE-2018-20914
In cPanel prior to 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368).
Cpanel Cpanel
NA
CVE-2014-2685
The GenericConsumer class in the Consumer component in ZendOpenId prior to 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 prior to 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote malicious users to bypas...
Zend Zend Framework 1.10.6
Zend Zend Framework 1.10.0
Zend Zend Framework 1.12.0
Zend Zend Framework 1.11.0
Zend Zend Framework 1.10.3
Zend Zend Framework 1.11.4
Zend Zend Framework 1.7.4
Zend Zend Framework 1.7.5
Zend Zend Framework 1.10.5
Zend Zend Framework 1.11.11
Zend Zend Framework 1.10.8
Zend Zend Framework 1.12.2
Zend Zend Framework 1.5.0
Zend Zend Framework 1.9.6
Zend Zend Framework 1.8.3
Zend Zend Framework 1.7.6
Zend Zend Framework 1.8.0
Zend Zend Framework 1.11.5
Zend Zend Framework 1.8.4
Zend Zend Framework 1.7.2
Zend Zend Framework 1.0.0
Zend Zend Framework 1.6.0
6.1
CVSSv3
CVE-2021-39191
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions before 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openi...
Openidc Mod Auth Openidc
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2021-20278
An authentication bypass vulnerability was found in Kiali in versions prior to 1.31.0 when the authentication strategy `OpenID` is used. When RBAC is enabled, Kiali assumes that some of the token validation is handled by the underlying cluster. When OpenID `implicit flow` is used...
Kiali Kiali