
16 matches found

OSV
added 2025/01/14 7:20 p.m. | 10 views

BIT-PHP-MIN-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

4.3 CVSS | 6.8 AI score | 0.00316 EPSS
Exploits 0 | References 2

OSV
added 2024/05/23 5:34 p.m. | 1 views

CLSA-2024-1716485695 php: Fix of 2 CVEs

- CVE-2022-4900: sapi/cli/php_cli_server.c: Prevent potential buffer overflow for large value of php_cli_server_workers_max
- CVE-2023-3247: ext/soap/php_http.c: Fix missing randomness check and insufficient random bytes...

6.2 CVSS | 6.6 AI score | 0.00316 EPSS
Exploits 0 | References 1

OpenVAS
added 2023/12/15 12:0 a.m. | 23 views

Huawei EulerOS: Security Advisory for php (EulerOS-SA-2023-3445)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

9.8 CVSS | 7.6 AI score | 0.29385 EPSS
Exploits 3 | References 2

Tenable Nessus
added 2023/09/13 12:0 a.m. | 32 views

Amazon Linux 2 : php (ALASPHP8.0-2023-009)

The version of php installed on the remote host is prior to 8.0.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-009 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

9.8 CVSS | 7.8 AI score | 0.29385 EPSS
Exploits 4 | References 8

Tenable Nessus
added 2023/06/28 12:0 a.m. | 28 views

PHP 8.0.x < 8.0.29 Information Disclosure

According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.29, 8.1.x prior to 8.1.20, or 8.2.x prior to 8.2.7. It is, therefore, affected by an information disclosure vulnerability. The random byte generation function used in the SOAP HTTP...

4.3 CVSS | 7.5 AI score | 0.00316 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/06/28 12:0 a.m. | 23 views

PHP 8.2.x < 8.2.7 Information Disclosure

According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.29, 8.1.x prior to 8.1.20, or 8.2.x prior to 8.2.7. It is, therefore, affected by an information disclosure vulnerability. The random byte generation function used in the SOAP HTTP...

4.3 CVSS | 7.5 AI score | 0.00316 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/06/22 12:0 a.m. | 1591 views

PHP 8.0.x < 8.0.29

The version of PHP installed on the remote host is prior to 8.0.29. It is, therefore, affected by a vulnerability as referenced in the Version 8.0.29 advisory. - In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, random value...

4.3 CVSS | 7 AI score | 0.00316 EPSS
Exploits 0 | References 2

UbuntuCve
added 2023/06/19 12:0 a.m. | 73 views

CVE-2023-3247

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

4.3 CVSS | 6.3 AI score | 0.00316 EPSS
Exploits 0 | References 6

OpenVAS
added 2023/06/14 12:0 a.m. | 16 views

Debian: Security Advisory (DSA-5424-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

4.3 CVSS | 7 AI score | 0.00316 EPSS
Exploits 0 | References 4

OpenVAS
added 2023/06/14 12:0 a.m. | 16 views

Debian: Security Advisory (DSA-5425-1)

The remote host is missing an update for the Debian... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

4.3 CVSS | 7 AI score | 0.00316 EPSS
Exploits 0 | References 4

Debian
added 2023/06/13 8:5 p.m. | 23 views

[SECURITY] [DSA 5425-1] php8.2 security update

Debian Security Advisory DSA-5425-1 | [email protected] | https://www.debian.org/security/ | Moritz Muehlenhoff | June 13, 2023 | https://www.debian.org/security/faq ...

6.7 AI score
Exploits 0

Tenable Nessus
added 2022/02/07 12:0 a.m. | 18 views

Schneider Electric Modicon Arbitrary Code Execution (CVE-2013-0664)

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...

8.5 CVSS | 5.9 AI score | 0.01159 EPSS
Exploits 0 | References 4

NVD
added 2013/04/04 11:58 a.m. | 14 views

CVE-2013-0664

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...

8.5 CVSS | 6.9 AI score | 0.01159 EPSS
Exploits 0 | References 3

Prion
added 2013/04/04 11:58 a.m. | 13 views

Code injection

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...

8.5 CVSS | 7.4 AI score | 0.01159 EPSS
Exploits 0 | References 3 | Affected Software 3

Check Point Advisories
added 2009/12/17 12:0 a.m. | 1 views

Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow (CVE-2008-4478)

Novell eDirectory is an X.500 and LDAP compatible directory server intended for use as a part of an identity management solution. The product is made available for multiple platforms including NetWare, Unix-like systems, and Windows. There exists a heap buffer overflow vulnerability in Novell...

10 CVSS | 7.7 AI score | 0.60771 EPSS
Exploits 1

Check Point Advisories
added 2009/12/07 12:0 a.m. | 3 views

Novell eDirectory SOAP Handling Accept Language Header Heap Overflow (CVE-2008-4479)

Novell eDirectory is an X.500 and LDAP compatible directory service software product developed by Novell, Inc. for centrally managing access to resources on multiple servers and computers within a given network. The product is made available for multiple platforms including NetWare, Unix-like...

10 CVSS | 8.3 AI score | 0.29179 EPSS
Exploits 1