Lucene search
K

123 matches found

RedhatCVE
RedhatCVE
added 2026/07/02 2:4 p.m.13 views

CVE-2026-11946

A flaw was found in open62541. An unauthenticated remote attacker can exploit a vulnerability in the GetEndpoints Discovery Service by sending a malformed request with an excessively long, unvalidated endpointUrl field. This can lead to the server buffering large amounts of data indefinitely,...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/02 12:20 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GetEndpoints process. An attacker can cause the server to allocate excessive memory by sending a GetEndpointsRequest with an extremely large endpointUrl field, delivered in...

7.5CVSS6AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 12:16 p.m.4 views

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS0.00386EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 12:16 p.m.5 views

DEBIAN-CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS6AI score0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 12:16 p.m.2 views

UBUNTU-CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS6AI score0.00386EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 10:54 a.m.16 views

CVE-2026-11946

CVE-2026-11946 affects open62541 (1.4.0–1.4.16, 1.5.0–1.5.4, master). An unauthenticated remote attacker can exhaust server memory through GetEndpoints by sending an oversized endpointUrl in GetEndpointsRequest; length is not validated, allowing ~4.09 GB strings split across chunks, buffered in R...

7.5CVSS5.8AI score0.00386EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 8:16 a.m.9 views

CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS0.00388EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 8:16 a.m.4 views

DEBIAN-CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS6AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 8:16 a.m.3 views

UBUNTU-CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS6AI score0.00388EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:12 a.m.8 views

EUVD-2026-41256

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS5.8AI score0.00388EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:12 a.m.8 views

CVE-2026-33592

An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...

7.5CVSS5.8AI score0.00388EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/02 7:12 a.m.28 views

CVE-2026-33592

The CVE-2026-33592 issue affects open62541 (versions 1.4.0–1.4.16, 1.5.0–1.5.4, and master). An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service because the FindServersRequest serverUris field is not validated for length/array size. An adversary can ...

7.5CVSS5.8AI score0.00388EPSS
Exploits0References3
CVE
CVE
added 2026/02/05 7:9 p.m.20 views

CVE-2026-1301

CVE-2026-1301 pertains to o6 Automation GmbH Open62541 (Open62541/Open62541-like builds) where in PubSub with JSON decoding enabled a crafted JSON message can cause a heap-allocated array write beyond bounds before authentication, leading to a process crash and memory corruption. Affected compone...

6.8CVSS5.3AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/05 7:9 p.m.6 views

CVE-2026-1301 Out-of-bounds Write in o6 Automation GmbH Open62541

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

6.8CVSS5.3AI score0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 7:9 p.m.28 views

CVE-2026-1301 Out-of-bounds Write in o6 Automation GmbH Open62541

In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...

6.8CVSS0.00343EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/05 12:0 a.m.8 views

o6 Automation Open62541 缓冲区错误漏洞

o6 Automation Open62541 is an industrial automation toolset developed by the German company o6 Automation. o6 Automation Open62541 contains a buffer error vulnerability; this vulnerability arises from specially crafted JSON messages that may cause the decoder to write data beyond the allocated he...

6.8CVSS6AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-23957

Malware in sbrugna...

5.5CVSS5.6AI score0.0031EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-51965

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00711EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-30413

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01127EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2024-53429

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open62541 v1.4.6 is has an assertion failure in fuzzbinarydecode, which leads to a crash. CVE-2024-53429 Note that Nessus relies on the presence of the package ...

7.5CVSS5.4AI score0.00711EPSS
Exploits0References2
Rows per page
Query Builder