Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
A vulnerability has been discovered in Samba which could allow for arbitrary code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Successful exploitation of this vulnerability could result in arbitrary code execution as root on affected Samba installations that use the VFS module vfs_fruit. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
Out of caution and in line with good practice, Tenable has opted to upgrade the Underscore.js component to address the potential impact of the issue. Nessus 10.1.0 updates Underscore.js to version 1.13.1 to address the identified vulnerability.
It was discovered that IPython, an enhanced interactive Python shell,
executed config files from the current working directory, which could
result in cross-user attacks if run from a directory multiple users
may write to.
It was discovered that missing input sanitising in python-nbxmpp, a
Jabber/XMPP Python library, could result in denial of service in clients
based on it (such as Gajim).