CVE-2023-3247

CVSS v3 Score
4.3
Medium

Vulnerability Description

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, and 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure and used a narrower range of values than it should have. If the random generator failed, this could disclose 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce.

CVSS:4.3(Medium)

The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0. This is due to the lack of capability checks on the admin_enqueue_...

CVSS:4.3(Medium)

IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529.

CVSS:4.4(Medium)

Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a privileged user to potentially enable denial of service via local acc...

CVSS:4.4(Medium)

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.

CVSS:4.4(Medium)

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user l...

CVSS:4.0(Medium)

In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.