CVE-2015-0268 (xen)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0268 Original release date: 02/16/2015 Last revised: 02/17/2015 Source: US-CERT/NIST Overview The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) […]

CVE-2015-1546 (openldap)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1546 Original release date: 02/12/2015 Last revised: 02/13/2015 Source: US-CERT/NIST Overview Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched […]

CVE-2015-1545 (openldap)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1545 Original release date: 02/12/2015 Last revised: 02/13/2015 Source: US-CERT/NIST Overview The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref […]

CVE-2015-1582 (spider_facebook)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1582 Original release date: 02/11/2015 Last revised: 02/12/2015 Source: US-CERT/NIST Overview Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration […]

CVE-2015-1581 (mobile_domain)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1581 Original release date: 02/11/2015 Last revised: 02/12/2015 Source: US-CERT/NIST Overview Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct […]

CVE-2015-1580 (redirection)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1580 Original release date: 02/11/2015 Last revised: 02/12/2015 Source: US-CERT/NIST Overview Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct […]

CVE-2015-0042 (internet_explorer)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0042 Original release date: 02/10/2015 Last revised: 02/11/2015 Source: US-CERT/NIST Overview Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” […]

CVE-2015-0030 (internet_explorer)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0030 Original release date: 02/10/2015 Last revised: 02/11/2015 Source: US-CERT/NIST Overview Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” […]

CVE-2015-0012 (virtual_machine_manager)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0012 Original release date: 02/10/2015 Last revised: 02/11/2015 Source: US-CERT/NIST Overview Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by […]

CVE-2015-0010 (windows_2003_server, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0010 Original release date: 02/10/2015 Last revised: 02/11/2015 Source: US-CERT/NIST Overview The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows […]