Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 7/11/2014 6:45:26 PM

CVE Publication rate: 16.13

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 5.86
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2014-3157

Summary: Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3156

Summary: Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3155

Summary: net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 5.0 MEDIUM
CVE-2014-3154

Summary: Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3803

Summary: The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

Published: 5/21/2014 7:14:10 AM

CVSS Severity: 4.3 MEDIUM
CVE-2014-3152

Summary: Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1749

Summary: Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1748

Summary: The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 5.0 MEDIUM
CVE-2014-1747

Summary: Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 4.3 MEDIUM
CVE-2014-1746

Summary: The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 5.0 MEDIUM
CVE-2014-1745

Summary: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1744

Summary: Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1743

Summary: Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.

Published: 5/21/2014 7:14:09 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1742

Summary: Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.

Published: 5/14/2014 7:13:06 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1741

Summary: Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.

Published: 5/14/2014 7:13:06 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1740

Summary: Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.

Published: 5/14/2014 7:13:05 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1736

Summary: Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value.

Published: 5/6/2014 6:44:05 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1735

Summary: Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 4/26/2014 6:55:05 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1734

Summary: Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 4/26/2014 6:55:05 AM

CVSS Severity: 7.5 HIGH
CVE-2014-1733

Summary: The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.

Published: 4/26/2014 6:55:05 AM

CVSS Severity: 7.5 HIGH