Search CVE reports
341 – 350 of 30629 results
An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily...
1 affected package
open62541
| Package | 26.04 LTS |
|---|---|
| open62541 | Needs evaluation |
In liboauth2 the Demonstrating Proof-of-Possession (DPoP) verifier accepts a proof whose JSON Web Key (jwk) header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a...
1 affected package
liboauth2
| Package | 26.04 LTS |
|---|---|
| liboauth2 | Needs evaluation |
liboauth2 is vulnerable to Server-Side Request Forgery in oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is...
1 affected package
liboauth2
| Package | 26.04 LTS |
|---|---|
| liboauth2 | Needs evaluation |
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an...
1 affected package
open62541
| Package | 26.04 LTS |
|---|---|
| open62541 | Needs evaluation |
[Unknown description]
1 affected package
libheif
| Package | 26.04 LTS |
|---|---|
| libheif | Fixed |
[Unknown description]
1 affected package
libheif
| Package | 26.04 LTS |
|---|---|
| libheif | Fixed |
[Unknown description]
1 affected package
libheif
| Package | 26.04 LTS |
|---|---|
| libheif | Fixed |
[Unknown description]
1 affected package
libheif
| Package | 26.04 LTS |
|---|---|
| libheif | Fixed |
[Unknown description]
1 affected package
libheif
| Package | 26.04 LTS |
|---|---|
| libheif | Fixed |
[Unknown description]
1 affected package
libheif
| Package | 26.04 LTS |
|---|---|
| libheif | Not affected |