CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

EnOcean SmartServer IoT

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely execute arbitrary code and bypass ASLR. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

Nintendo: ASLR leak in Mario Kart World through LAN mode

A vulnerability was discovered in the LAN mode of Mario Kart World that allowed an ASLR leak. This vulnerability was found in the game's software...

HEVD

SMEP & kASLR Bypassing - HEVD x86 Kernel Exploit !Alt text...

Enable Kernel ASLR

Address-space layout randomization ASLR randomly arranges the positions of the stack, function libraries, and programs to slightly different positions each time. As a result, the correct positions cannot be guessed, and buffer overflow attacks fail. In the Linux kernel, ASLR is classified into...

CVE-2024-26001

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26000

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26000

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26001

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

Input validation

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

Input validation

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26001 PHOENIX CONTACT: Out of bounds write only memory access

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26001

Phoenix Contact CHARX SEC series devices (e.g., CHARX SEC-3100/CHARX SEC-3000 family) are affected by a vulnerability in the MQTT stack where improper input validation allows an unauthenticated, remote attacker to write memory out of bounds. The issue is described as a buffer/length validation fl...

CVE-2024-26001 PHOENIX CONTACT: Out of bounds write only memory access

An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26000

CVE-2024-26000 affects Phoenix Contact CHARX SEC-3100 devices due to an out-of-bounds read in the MQTT stack caused by improper input validation. An unauthenticated remote attacker can read memory, with memory randomization reducing brute-force effectiveness. Multiple connected sources confirm th...

CVE-2024-26000 PHOENIX CONTACT: Out of bounds read only memory access

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

CVE-2024-26000 PHOENIX CONTACT: Out of bounds read only memory access

An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization...

PT-2024-21273 · Phoenix Contact · Charx Sec-3100

Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 affected versions not specified Description: An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful...

USN-6440-3 linux-aws-hwe vulnerabilities

Seth Jenkins discovered that the Linux kernel did not properly perform address randomization for a per-cpu memory management structure. A local attacker could use this to expose sensitive information kernel memory or in conjunction with another kernel vulnerability. CVE-2023-0597 It was discovere...

CVE-2023-38237

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...