CVE-2015-1205

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

References

http://googlechromereleases.blogspot.com/2015/01/stable-update.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html

http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

http://secunia.com/advisories/62383

http://secunia.com/advisories/62575

http://security.gentoo.org/glsa/glsa-201502-13.xml

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.securityfocus.com/bid/72288

http://www.securitytracker.com/id/1031623

http://www.ubuntu.com/usn/USN-2476-1

https://code.google.com/p/chromium/issues/detail?id=327070

https://code.google.com/p/chromium/issues/detail?id=334448

https://code.google.com/p/chromium/issues/detail?id=410030

https://code.google.com/p/chromium/issues/detail?id=411026

https://code.google.com/p/chromium/issues/detail?id=411156

https://code.google.com/p/chromium/issues/detail?id=413530

https://code.google.com/p/chromium/issues/detail?id=422765

https://code.google.com/p/chromium/issues/detail?id=423899

https://code.google.com/p/chromium/issues/detail?id=425040

https://code.google.com/p/chromium/issues/detail?id=425151

https://code.google.com/p/chromium/issues/detail?id=428828

https://code.google.com/p/chromium/issues/detail?id=429134

https://code.google.com/p/chromium/issues/detail?id=429139

https://code.google.com/p/chromium/issues/detail?id=431187

https://code.google.com/p/chromium/issues/detail?id=431603

https://code.google.com/p/chromium/issues/detail?id=432209

https://code.google.com/p/chromium/issues/detail?id=434723

https://code.google.com/p/chromium/issues/detail?id=435514

https://code.google.com/p/chromium/issues/detail?id=435815

https://code.google.com/p/chromium/issues/detail?id=437655

https://code.google.com/p/chromium/issues/detail?id=438363

https://code.google.com/p/chromium/issues/detail?id=439319

https://code.google.com/p/chromium/issues/detail?id=440572

https://code.google.com/p/chromium/issues/detail?id=440913

https://code.google.com/p/chromium/issues/detail?id=441834

https://code.google.com/p/chromium/issues/detail?id=443274

https://code.google.com/p/chromium/issues/detail?id=443333

https://code.google.com/p/chromium/issues/detail?id=446076

https://code.google.com/p/chromium/issues/detail?id=449894

https://support.apple.com/HT205212

https://support.apple.com/HT205221

Details

Source: MITRE

Published: 2015-01-22

Updated: 2017-01-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to 40.0.2214.85 (inclusive)

Configuration 3

OR

cpe:2.3:a:chromium:chromium:*:*:*:*:*:*:*:* versions up to 40.0.2214.94 (inclusive)

Tenable Plugins

View all (10 total)

IDNameProductFamilySeverity
86601Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
86001Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)NessusWindows
high
85987Apple iOS < 9.0 Multiple VulnerabilitiesNessusMobile Devices
critical
81692openSUSE Security Update : chromium (openSUSE-2015-204)NessusSuSE Local Security Checks
high
81396GLSA-201502-13 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
8889Google Chrome < 40.0.2214.91 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
81016Ubuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2476-1)NessusUbuntu Local Security Checks
high
80951Google Chrome < 40.0.2214.91 Multiple VulnerabilitiesNessusWindows
high
80950Google Chrome < 40.0.2214.91 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
80898FreeBSD : chromium -- multiple vulnerabilities (e30e0c99-a1b7-11e4-b85c-00262d5ed8ee)NessusFreeBSD Local Security Checks
high