CVE-2015-1211 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1211 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, […]

CVE-2015-1210 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1210 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly […]

CVE-2015-1209 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1209 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, […]

CVE-2014-5332 (linux_kernel)

National Cyber Awareness System Vulnerability Summary for CVE-2014-5332 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a […]

CVE-2014-9562 (optimalsite)

National Cyber Awareness System Vulnerability Summary for CVE-2014-9562 Original release date: 02/04/2015 Last revised: 02/05/2015 Source: US-CERT/NIST Overview Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter. Impact CVSS Severity (version 2.0): Impact […]

CVE-2014-9043 (owncloud)

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. Impact CVSS Severity (version 2.0): Impact Subscore: […]

CVE-2015-1476 (ecommercemajor)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1476 Original release date: 02/04/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php. Impact […]

CVE-2015-1475 (mylittleforum)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1475 Original release date: 02/04/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to […]

CVE-2015-1381 (debian_linux, privoxy)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1381 Original release date: 02/03/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Impact CVSS Severity (version 2.0): Impact […]

CVE-2014-9574 (fluxbb)

National Cyber Awareness System Vulnerability Summary for CVE-2014-9574 Original release date: 02/03/2015 Last revised: 02/03/2015 Source: US-CERT/NIST Overview Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter. Impact CVSS Severity […]