EUVD-2014-1359

Malware in sbrugna...

workflow-cps-global-lib: Sandbox bypass vulnerability

A flaw was found in Jenkins. The Pipeline: Shared Groovy Libraries plugin uses the names of Pipeline libraries to create cache directories without any sanitization. This flaw allows attackers with item/configure permission to execute arbitrary code in the context of the Jenkins controller JVM,...

CVE-2014-1281

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image...

CVE-2014-1281

CVE-2014-1281 affects Apple iOS prior to 7.1, specifically the Photos Backend asset-library cache handling during deletions. The issue allows physically proximate attackers to access sensitive photo data by triggering the Photos app and inspecting a transparent image beneath it. The root cause is...

SUSE-SA:2003:0010: libmcrypt

The remote host is missing the patch for the advisory SUSE-SA:2003:0010 libmcrypt. Libmcrypt is a data encryption library that is able to load crypto- modules at run-time by using libltdl. Versions of libmcrypt prior to 2.5.5 include several buffer overflows that can be triggered by passing very...