58 matches found
PYSEC-2026-888 Uncontrolled Resource Consumption in asyncua and opcua
All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...
EUVD-2023-0048
Malicious code in bioql PyPI...
EUVD-2023-0047
Malicious code in bioql PyPI...
EUVD-2022-6584
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-26151
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the...
Linux Distros Unpatched Vulnerability : CVE-2023-26150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and...
CVE-2023-26151
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory...
CVE-2023-26150
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...
Denial Of Service(DoS)
asyncua is vulnerable to Denial Of Service DoS. The vulnerability is due to datareceived function in binaryserverasyncio.py which lacks proper error handling for malformed headers. An attacker can keep sending incomplete or malformed packets without a proper header and that cause memory exhaustio...
datapoints (>=0.0.1 <=0.0.2), hvl-ccb (>=0.12.0 <=0.12.3) potentially affected by CVE-2023-26151 via asyncua (>=0.9.94 <=0.9.95)
asyncua PYPI version =0.9.94, =0.0.1, =0.12.0, =0.12.3 Source cves: CVE-2023-26151 Source advisory: OSV:GHSA-GFVQ-MXW3-MFQ3...
datapoints (>=0.0.1 <=0.0.2), hvl-ccb (>=0.12.0 <=0.12.3) potentially affected by CVE-2023-26150 via asyncua (>=0.9.94 <=0.9.95)
asyncua PYPI version =0.9.94, =0.0.1, =0.12.0, =0.12.3 Source cves: CVE-2023-26150 Source advisory: OSV:GHSA-2894-QCQF-G23G...
GHSA-2894-QCQF-G23G asyncua Improper Authentication vulnerability
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...
GHSA-GFVQ-MXW3-MFQ3 asyncua vulnerable to denial of service via infinite loop
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory...
asyncua vulnerable to denial of service via infinite loop
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory...
asyncua Improper Authentication vulnerability
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...
CVE-2023-26151
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory...
datapoints (>=0.0.1 <=0.0.2), hvl-ccb (>=0.12.0 <=0.12.3) potentially affected by CVE-2023-26150 via asyncua (>=0.9.94 <=0.9.95)
asyncua PYPI version =0.9.94, =0.0.1, =0.12.0, =0.12.3 Source cves: CVE-2023-26150 Source advisory: OSV:PYSEC-2023-189...
PYSEC-2023-189
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...
Code injection
Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service DoS such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory...
Authentication flaw
Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session...