SIMP - System Integrity Management Platform

SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry be...

SUSE-SU-2015:1602-1 Security update for python modules

This update for several python modules provides the following security fix and improvements. - python-keystonemiddleware: + Fix s3token middleware parsing insecure option bsc928205, CVE-2015-1852 - python-novaclient: + Update novaclient shell to use shared arguments from Session bnc933758 + Suppo...

[SECURITY] Fedora 21 Update: drupal7-feeds-2.0-0.12.alpha9.fc21

Import or aggregate data as nodes, users, taxonomy terms or simple database records. This package provides the following Drupal modules: feeds feedsimport feedsnews requires drupal7-features and drupal7-views feedsui...

Linux-PAM '_unix_run_helper_binary()' function denial of service vulnerability

Linux-PAM also known as PAM is an authentication mechanism for use in the Linux platform that gives system administrators the freedom to choose the authentication mechanism used by an application by providing a number of dynamically linked libraries and a set of unified APIs. A denial-of-service...

[SECURITY] Fedora 21 Update: ansible-1.9.2-1.fc21

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

[SECURITY] Fedora 22 Update: ansible-1.9.2-1.fc22

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

McAfee SiteAdvisor 3.7.2 - Firefox Use-After-Free (PoC)

McAfee SiteAdvisor 3.7.2 - Firefox Use-After-Free PoC McAfee SiteAdvisor 3.7.2 for firefox Use After Free Poc / Title: McAfee SiteAdvisor 3.7.2 firefox Use After Free Author: Marcin Ressel Twitter: https://twitter.com/mressel NPMcFFPlg32.dll McAfee SiteAdvisor 3.7.2 Tested on: Windows 8.1 x64 and...

[SECURITY] Fedora 22 Update: pam-1.1.8-19.fc22

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

Just-Metadata - Tool that Gathers and Analyzes Metadata about IP Addresses

Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the...

rext

Router Exploitation Toolkit - REXT =============================...

CVE-2015-4064

The CVE-2015-4064 entry corresponds to the WordPress Landing Pages plugin (

CVE-2015-2694

MIT Kerberos 5 (krb5) 1.12.x and 1.13.x prior to 1.13.2 are vulnerable due to the kdcpreauth modules (OTP and PKINIT) not tracking client validation, enabling a remote attacker to bypass requires_preauth by submitting zero bytes or an arbitrary realm name. This can lead to obtaining a ciphertext ...

SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)

This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc892073: An off-by-one error leading to a heap-based buffer overflow was found in gconvtranslitfind. An exploit that targets the problem is publicly available. CVE-2014-5119 -...

SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)

glibc has been updated to fix one security issue and several bugs : Security issue fixed : - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, CVE-2012-6656 - Fixed a stack overflow during hosts parsing CVE-2013-4357 Bugs fixed : - don't touch user-controlled stdio locks in forked...

SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)

This glibc update fixes a critical privilege escalation problem and two additional issues : - bnc892073: An off-by-one error leading to a heap-based buffer overflow was found in gconvtranslitfind. An exploit that targets the problem is publicly available. CVE-2014-5119 - bnc836746: Avoid race...

SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1)

glibc has been updated to fix security issues : - Fix crashes on invalid input in IBM gconv modules CVE-2014-6040, CVE-2012-6656, bsc894553, bsc894556, GLIBC BZ 17325, GLIBC BZ 14134 - Fixed a stack overflow during hosts parsing CVE-2013-4357 - Copy filename argument in posixspawnfileactionsaddop...

CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

Design/Logic Flaw

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...

CVE-2015-3631

Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules LSM and dockert policies via an image that allows volumes to override files in /proc...