Multiple vulnerabilities have been discovered in Cisco Products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow an unauthenticated, remote attacker to execute code on the affected systems. Depending on the privileges associated with the targeted user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users configured to have fewer privileges on the system could be less impacted than those who operate with elevated privileges.
Category Archives: Advisories
DSA-5067 ruby2.7 – security update
Several vulnerabilities have been discovered in the interpreter for
the Ruby language and the Rubygems included, which may result
in information disclosure or denial of service.
DSA-5066 ruby2.5 – security update
Several vulnerabilities have been discovered in the interpreter for the
Ruby language and the Rubygems included, which may result in
XML roundtrip attacks, the execution of arbitrary code, information
disclosure, StartTLS stripping in IMAP or denial of service.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
A Vulnerability in Samba Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Samba which could allow for arbitrary code execution. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Successful exploitation of this vulnerability could result in arbitrary code execution as root on affected Samba installations that use the VFS module vfs_fruit. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
GLSA 202202-01: WebkitGTK+: Multiple vulnerabilities
FreeBSD-EN-22:07.la57
FreeBSD-EN-22:08.i386
[R1] Nessus 10.1.0 Fixes One Third-Party Vulnerability
Out of caution and in line with good practice, Tenable has opted to upgrade the Underscore.js component to address the potential impact of the issue. Nessus 10.1.0 updates Underscore.js to version 1.13.1 to address the identified vulnerability.
DSA-5065 ipython – security update
It was discovered that IPython, an enhanced interactive Python shell,
executed config files from the current working directory, which could
result in cross-user attacks if run from a directory multiple users
may write to.