BIT-LIBPHP-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

RLSA-2025:1582 Moderate: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: undici: Undici Uses Insufficiently Random Values CVE-2025-22150 nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap CVE-2025-23085 For mor...

BIT-PHP-MIN-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

FIWARE Keyrock Encryption Issue Vulnerability

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and prior versions, which arises from a predictable random value for user-created activation tokens that can be exploited by an attacker to predict...

DigiCert to Revoke 83,000+ SSL Certificates Due to Domain Validation Oversight

Certificate authority CA DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificate...

Siemens S7-200 SMART series uses unsafe random value vulnerability

The S7-200 SMART series is a series of miniature programmable logic controllers that control a variety of small automation applications. A use of insecure random values vulnerability exists in the Siemens S7-200 SMART series, which can be exploited by an attacker to create a denial of service...

BIT-PHP-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

Rocky Linux 9 : php:8.1 (RLSA-2024:0387)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0387 advisory. - In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, passwordverify function may accept some invalid Blowfish hashes as valid. If...

Muon Security Feature Issue Vulnerability

Muon is a minimalist private self-destructing file-hosting web server written in Clojure. A security signature issue vulnerability exists in Muon version 0.1.1. An attacker could exploit this vulnerability to cause a random value insufficiency...

Amazon Linux 2 : php (ALASPHP8.0-2023-009)

The version of php installed on the remote host is prior to 8.0.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-009 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

Magento LTS's guest order "protect code" can be brute-forced too easily

Impact Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protectcode". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. Patch...

SUSE SLES15 / openSUSE 15 Security Update : php7 (SUSE-SU-2023:2980-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2980-1 advisory. - In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value...

Authentication flaw

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

WordPress Plugin MStore API 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PHP 8.2.x < 8.2.7

The version of PHP installed on the remote host is prior to 8.2.7. It is, therefore, affected by a vulnerability as referenced in the Version 8.2.7 advisory. - In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value...

PHP 8.0.x < 8.0.29

The version of PHP installed on the remote host is prior to 8.0.29. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.29 advisory. - In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value...

Debian dla-3458 : libapache2-mod-php7.3 - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3458 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3458-1 [email protected] https://www.debian.org/lts/security/...

CVE-2023-3247

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

PT-2023-21469 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue arises due to the default token generated by Linkis Gateway deployment being too simple, making it easy for attackers to obtain the default token for the attack. Generation rules...