| Max CVSS | 7.5 | Min CVSS | 6.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-2685 | 7.5 |
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remot
|
04-11-2017 - 01:29 | 04-09-2014 - 17:55 | |
| CVE-2014-2684 | 6.4 |
The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provide
|
04-11-2017 - 01:29 | 16-11-2014 - 00:59 |