Amazon Linux 2 : php (ALASPHP8.1-2023-004)

The version of php installed on the remote host is prior to 8.1.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-004 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

Medium: php8.1

Issue Overview: GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw NOTE:...

SUSE-SU-2023:2980-1 Security update for php7

This update for php7 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP bsc1212349...

CVE-2023-3247

The CVE-2023-3247 issue affects PHP 8.0.x before 8.0.29, 8.1.x before 8.1.20, and 8.2.x before 8.2.7 when using SOAP HTTP Digest Authentication. The root cause is a random value generator not checked for failure and operating in a narrower value range, which could disclose 31 bits of uninitialize...

MGASA-2023-0234 Updated php packages fix security vulnerability

Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...

Updated php packages fix security vulnerability

Fixed SOAP bug GHSA-76gg-c692-v2mw Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. CVE-2023-3247...

SUSE SLES12 Security Update : php74 (SUSE-SU-2023:2848-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2848-1 advisory. - The vulnerability exists due to a missing error check and insufficient random bytes in HTTP Digest authentication for SOAP. A remote...

SUSE-SU-2023:2848-1 Security update for php74

This update for php74 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP bsc1212349...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:2828-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2828-1 advisory. - The vulnerability exists due to a missing error check and insufficient random bytes in HTTP Digest...

CVE-2023-3247

A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

Authorization

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

CVE-2023-33274

CVE-2023-33274 affects PowerShield SNMP Web Pro 1.1. The vulnerability is in the authentication mechanism, allowing unauthenticated users to directly access CGI scripts due to a lack of proper cookie verification. It affects all instances where HTTP Digest authentication is not enabled, regardles...

CVE-2023-33274

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and...

PT-2023-24259 · Unknown · Powershield Snmp Web Pro

Name of the Vulnerable Software and Affected Versions: PowerShield SNMP Web Pro version 1.1 Description: The authentication mechanism contains an issue that allows unauthenticated users to directly access Common Gateway Interface CGI scripts without proper identification or authorization. This...

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : PHP vulnerability (USN-6199-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6199-1 advisory. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose...

PHP 8.0.x < 8.0.29 Information Disclosure

According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.29, 8.1.x prior to 8.1.20, or 8.2.x prior to 8.2.7. It is, therefore, affected by an information disclosure vulnerability. The random byte generation function used in the SOAP HTTP...

SUSE-SU-2023:2610-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP bsc1212349...

Debian: Security Advisory (DSA-5425-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...