123 matches found
CVE-2026-11946
A flaw was found in open62541. An unauthenticated remote attacker can exploit a vulnerability in the GetEndpoints Discovery Service by sending a malformed request with an excessively long, unvalidated endpointUrl field. This can lead to the server buffering large amounts of data indefinitely,...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the GetEndpoints process. An attacker can cause the server to allocate excessive memory by sending a GetEndpointsRequest with an extremely large endpointUrl field, delivered in...
CVE-2026-11946
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...
DEBIAN-CVE-2026-11946
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...
UBUNTU-CVE-2026-11946
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...
CVE-2026-11946
CVE-2026-11946 affects open62541 (1.4.0–1.4.16, 1.5.0–1.5.4, master). An unauthenticated remote attacker can exhaust server memory through GetEndpoints by sending an oversized endpointUrl in GetEndpointsRequest; length is not validated, allowing ~4.09 GB strings split across chunks, buffered in R...
CVE-2026-33592
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...
DEBIAN-CVE-2026-33592
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...
UBUNTU-CVE-2026-33592
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...
EUVD-2026-41256
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...
CVE-2026-33592
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string up to 3.9 GB delivered across intermediate...
CVE-2026-33592
The CVE-2026-33592 issue affects open62541 (versions 1.4.0–1.4.16, 1.5.0–1.5.4, and master). An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service because the FindServersRequest serverUris field is not validated for length/array size. An adversary can ...
CVE-2026-1301
CVE-2026-1301 pertains to o6 Automation GmbH Open62541 (Open62541/Open62541-like builds) where in PubSub with JSON decoding enabled a crafted JSON message can cause a heap-allocated array write beyond bounds before authentication, leading to a process crash and memory corruption. Affected compone...
CVE-2026-1301 Out-of-bounds Write in o6 Automation GmbH Open62541
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...
CVE-2026-1301 Out-of-bounds Write in o6 Automation GmbH Open62541
In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory...
o6 Automation Open62541 缓冲区错误漏洞
o6 Automation Open62541 is an industrial automation toolset developed by the German company o6 Automation. o6 Automation Open62541 contains a buffer error vulnerability; this vulnerability arises from specially crafted JSON messages that may cause the decoder to write data beyond the allocated he...
EUVD-2020-23957
Malware in sbrugna...
EUVD-2024-51965
Malicious code in bioql PyPI...
EUVD-2022-30413
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-53429
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Open62541 v1.4.6 is has an assertion failure in fuzzbinarydecode, which leads to a crash. CVE-2024-53429 Note that Nessus relies on the presence of the package ...