Description: The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacks certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. Impact: Attackers can exploit these issues to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks....
Read More
Description: Cyber security researchers from IOActive said in an advisory that after reverse engineering, the router firmware they identified total of 10 security vulnerabilities, ranging from low-to-high risk issues, six of which can be exploited remotely by unauthenticated attackers. Impact: Because of these vulnerabilities, it allows unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router. Attackers can also bypass the authentication protecting the...
Read More
Description: The Drupal security team has discovered a critical vulnerability in a third-party module named References. Although this module is no longer maintained, it is currently used within over 120,000 installations. Impact: The Drupal security team did not disclose the technical details about the vulnerability in order to avoid the exploitation of the flaw in the wild. Mitigation: As per drupal.org official page information, if...
Read More
Description: The vulnerability is due to a flaw in handling crafted DNS response messages. An attacker could exploit this vulnerability by triggering a DNS request from the Cisco ASA Software and replying with a crafted response. A successful exploit could cause the device to reload, resulting in a denial of service (DoS) condition or corruption of the local DNS cache information. Only traffic directed to...
Read More
Description: The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be...
Read More
