Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 1/28/2015 5:01:44 AM

CVE Publication rate: 23.57

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 8.7
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2015-1361

Summary: platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205.

Published: 1/27/2015 3:04:15 PM

CVSS Severity: 6.8 MEDIUM
CVE-2015-1360

Summary: Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improperly handled during text drawing, related to gpu/GrBitmapTextContext.cpp and gpu/GrDistanceFieldTextContext.cpp, a different vulnerability than CVE-2015-1205.

Published: 1/27/2015 3:04:14 PM

CVSS Severity: 7.5 HIGH
CVE-2015-1359

Summary: Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted PDF document, related to an "intra-object-overflow" issue, a different vulnerability than CVE-2015-1205.

Published: 1/27/2015 3:04:12 PM

CVSS Severity: 6.8 MEDIUM
CVE-2014-9648

Summary: components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.

Published: 1/27/2015 3:01:43 PM

CVSS Severity: 4.3 MEDIUM
CVE-2014-9647

Summary: Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205.

Published: 1/27/2015 3:00:28 PM

CVSS Severity: 6.8 MEDIUM
CVE-2014-9646

Summary: Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.

Published: 1/27/2015 2:59:11 PM

CVSS Severity: 4.6 MEDIUM
CVE-2015-1346

Summary: Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 1/22/2015 5:59:29 PM

CVSS Severity: 7.5 HIGH
CVE-2015-1205

Summary: Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 1/22/2015 5:59:28 PM

CVSS Severity: 7.5 HIGH
CVE-2014-7948

Summary: The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.

Published: 1/22/2015 5:59:27 PM

CVSS Severity: 4.3 MEDIUM
CVE-2014-7947

Summary: OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.

Published: 1/22/2015 5:59:26 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-7946

Summary: The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.

Published: 1/22/2015 5:59:26 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-7945

Summary: OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.

Published: 1/22/2015 5:59:25 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-7944

Summary: The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.

Published: 1/22/2015 5:59:24 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-7943

Summary: Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

Published: 1/22/2015 5:59:23 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-7942

Summary: The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: 1/22/2015 5:59:22 PM

CVSS Severity: 7.5 HIGH
CVE-2014-7941

Summary: The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.

Published: 1/22/2015 5:59:21 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-7940

Summary: The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.

Published: 1/22/2015 5:59:20 PM

CVSS Severity: 7.5 HIGH
CVE-2014-7939

Summary: Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header.

Published: 1/22/2015 5:59:20 PM

CVSS Severity: 4.3 MEDIUM
CVE-2014-7938

Summary: The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: 1/22/2015 5:59:19 PM

CVSS Severity: 7.5 HIGH
CVE-2014-7937

Summary: Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.

Published: 1/22/2015 5:59:18 PM

CVSS Severity: 7.5 HIGH