Filtered by vendor Google
Subscribe
Total
13548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2974 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.
|
|||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
|
|||||
| CVE-2009-1514 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.
|
|||||
| CVE-2007-5255 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI.
|
|||||
| CVE-2008-7246 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
|||||
| CVE-2007-3150 | 1 Google | 1 Desktop | 2025-04-09 | 9.3 HIGH | N/A |
|
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
|
|||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.
|
|||||
| CVE-2007-4847 | 1 Google | 1 Picasa | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
|
|||||
| CVE-2009-3011 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the ...
Show More |
|||||
| CVE-2009-2999 | 1 Google | 1 Android | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP Push message that triggers an ArrayIndexOutOfBoundsException exception, possibly a related issue to CVE-2009-2656.
|
|||||
| CVE-2009-0411 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
|
|||||
| CVE-2008-6998 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
|
|||||
| CVE-2009-1441 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel.
|
|||||
| CVE-2009-2578 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
|
|||||
| CVE-2009-1414 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors.
|
|||||
| CVE-2009-2352 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta are also affected.
|
|||||
| CVE-2009-3268 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
|||||
| CVE-2008-6995 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.
|
|||||
| CVE-2009-3932 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
|
|||||
| CVE-2009-3456 | 1 Google | 1 Chrome | 2025-04-09 | 7.5 HIGH | N/A |
|
Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-3934 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated by a message in Yahoo! Mail.
|
|||||
| CVE-2007-1085 | 1 Google | 1 Desktop | 2025-04-09 | 7.6 HIGH | N/A |
|
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
|
|||||
| CVE-2008-6512 | 1 Google | 1 Gears | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain.
|
|||||
| CVE-2008-4340 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
|
|||||
| CVE-2008-6994 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
|
|||||
| CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
|
|||||
| CVE-2009-2556 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation.
|
|||||
| CVE-2007-4824 | 1 Google | 1 Picasa | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
|
|||||
| CVE-2009-1598 | 1 Google | 1 Chrome | 2025-04-09 | 9.3 HIGH | N/A |
|
Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position ...
Show More |
|||||
| CVE-2009-1412 | 2 Google, Microsoft | 2 Chrome, Internet Explorer | 2025-04-09 | 7.8 HIGH | N/A |
|
Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persis ...
Show More |
|||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
|
|||||
| CVE-2009-0276 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
|
|||||
| CVE-2009-3263 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content."
|
|||||
| CVE-2008-0986 | 1 Google | 1 Android Sdk | 2025-04-09 | 7.5 HIGH | N/A |
|
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
|
|||||
| CVE-2008-0985 | 1 Google | 1 Android Sdk | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
|
|||||
| CVE-2009-1754 | 1 Google | 1 Android | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application.
|
|||||
| CVE-2009-1442 | 1 Google | 1 Chrome | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas.
|
|||||
| CVE-2009-3933 | 2 Google, Webkit | 2 Chrome, Webkit | 2025-04-09 | 5.0 MEDIUM | N/A |
|
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions.
|
|||||
| CVE-2008-3891 | 1 Google | 1 Google Apps | 2025-04-09 | 7.5 HIGH | N/A |
|
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
|
|||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.
|
|||||