Arris · Bgw210 · CVE-2022-31793
**Name of the Vulnerable Software and Affected Versions**
muhttpd versions prior to 1.1.7
**Description**
The issue allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. An attacker can obtain access to files containing passwords, wireless access settings, provider connection parameters, and private keys.
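
The behaviour described above, as an added example that is not muhttpd's source: a simplified C model of a handler that drops the first byte of the request target unchecked, next to a hardened form that rejects any target without a leading `/`. The function names and sample paths are hypothetical, and filtering of `..` segments is assumed to happen elsewhere.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the flaw (constructed, not muhttpd source): the
 * handler assumes the target starts with '/' and drops the first byte
 * unchecked, then opens the result relative to the web root. */
static const char *resolve_unchecked(const char *target)
{
    return target[0] != '\0' ? target + 1 : target;
}

/* Hardened form: accept only origin-form targets (leading '/'), and strip
 * every leading '/' so the result is always relative to the web root.
 * Returns NULL when the request must be rejected (e.g. with a 400). */
static const char *resolve_checked(const char *target)
{
    if (target == NULL || target[0] != '/')
        return NULL;
    while (*target == '/')
        target++;
    return *target != '\0' ? target : ".";
}

int main(void)
{
    /* Constructed sample targets; the path names are placeholders. */
    const char *samples[] = { "/index.html", "x/etc/example.conf", "/" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *safe = resolve_checked(samples[i]);
        printf("%-22s unchecked=%-20s checked=%s\n", samples[i],
               resolve_unchecked(samples[i]), safe ? safe : "(rejected)");
    }
    return 0;
}
```
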
**Recommendations**
For muhttpd versions prior to 1.1.7, update to version 1.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `do_request` function in `request.c` until a patch is available. Avoid using specially crafted HTTP requests that could exploit this issue until the update is applied.