Mission and Overview
NVD is the U.S. government repository of standards-based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 9/1/2014 6:21:03 PM

CVE Publication rate: 13.23

Email List

NVD provides four mailing lists to the public. For information and subscription instructions, please visit NVD Mailing Lists.

Workload Index
Vulnerability Workload Index: 5.82
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2014-3177

Summary: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.

Published: 8/26/2014 9:55:06 PM

CVSS Severity: 10.0 HIGH
CVE-2014-3176

Summary: Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.

Published: 8/26/2014 9:55:06 PM

CVSS Severity: 10.0 HIGH
CVE-2014-3175

Summary: Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.

Published: 8/26/2014 9:55:06 PM

CVSS Severity: 10.0 HIGH
CVE-2014-3174

Summary: modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-3173

Summary: The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 5.0 MEDIUM
CVE-2014-3172

Summary: The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 6.4 MEDIUM
CVE-2014-3171

Summary: Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 7.5 HIGH
CVE-2014-3170

Summary: extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 6.4 MEDIUM
CVE-2014-3169

Summary: Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 7.5 HIGH
CVE-2014-3168

Summary: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

Published: 8/26/2014 9:55:05 PM

CVSS Severity: 7.5 HIGH
CVE-2014-3167

Summary: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 8/13/2014 12:57:12 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3166

Summary: The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

Published: 8/13/2014 12:57:12 AM

CVSS Severity: 5.0 MEDIUM
CVE-2014-3165

Summary: Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.

Published: 8/13/2014 12:57:12 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3162

Summary: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: 7/20/2014 7:12:50 AM

CVSS Severity: 5.0 MEDIUM
CVE-2014-3161

Summary: The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.

Published: 7/20/2014 7:12:50 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3160

Summary: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

Published: 7/20/2014 7:12:50 AM

CVSS Severity: 6.8 MEDIUM
CVE-2014-3159

Summary: The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.

Published: 7/20/2014 7:12:50 AM

CVSS Severity: 6.4 MEDIUM
CVE-2014-3157

Summary: Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3156

Summary: Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 7.5 HIGH
CVE-2014-3155

Summary: net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.

Published: 6/11/2014 6:57:18 AM

CVSS Severity: 5.0 MEDIUM