CVE-2015-0008 (windows_2003_server, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0008 Original release date: 02/10/2015 Last revised: 02/11/2015 Source: US-CERT/NIST Overview The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, […]

CVE-2015-0003 (windows_2003_server, windows_7, windows_8, windows_8.1, windows_rt, windows_rt_8.1, windows_server_2008, windows_server_2012, windows_vista)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0003 Original release date: 02/10/2015 Last revised: 02/11/2015 Source: US-CERT/NIST Overview win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold […]

CVE-2015-0072 (internet_explorer)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0072 Original release date: 02/07/2015 Last revised: 02/09/2015 Source: US-CERT/NIST Overview Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME […]

CVE-2015-1442 (zerocms)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1442 Original release date: 02/06/2015 Last revised: 02/09/2015 Source: US-CERT/NIST Overview SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account […]

CVE-2015-1212 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1212 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact […]

CVE-2015-1211 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1211 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, […]

CVE-2015-1210 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1210 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly […]

CVE-2015-1209 (chrome, linux_kernel, mac_os_x, windows)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1209 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, […]

CVE-2014-5332 (linux_kernel)

National Cyber Awareness System Vulnerability Summary for CVE-2014-5332 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 alllows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a […]