Filtered by vendor Google
Subscribe
Total
13455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2071 | 1 Google | 1 Chrome | 2025-04-09 | 6.8 MEDIUM | N/A |
| Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2009-2416 | 11 Apple, Canonical, Debian and 8 more | 19 Iphone Os, Mac Os X, Mac Os X Server and 16 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2009-2578 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. | |||||
| CVE-2008-0986 | 1 Google | 1 Android Sdk | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | |||||
| CVE-2007-4824 | 1 Google | 1 Picasa | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2009-2348 | 1 Google | 1 Android | 2025-04-09 | 6.9 MEDIUM | N/A |
| Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | |||||
| CVE-2007-5255 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | |||||
| CVE-2008-3891 | 1 Google | 1 Google Apps | 2025-04-09 | 7.5 HIGH | N/A |
| The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | |||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. | |||||
| CVE-2007-6212 | 1 Google | 1 Kml | 2025-04-09 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | |||||
| CVE-2009-3933 | 2 Google, Webkit | 2 Chrome, Webkit | 2025-04-09 | 5.0 MEDIUM | N/A |
| WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers an incompatibility between the WTF::currentTime and base::Time functions. | |||||
| CVE-2009-3268 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. | |||||
| CVE-2009-1414 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. | |||||
| CVE-2009-2555 | 1 Google | 2 Chrome, V8 | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||||
| CVE-2009-1514 | 1 Google | 1 Chrome | 2025-04-09 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value. | |||||
| CVE-2008-6995 | 1 Google | 1 Chrome | 2025-04-09 | 4.3 MEDIUM | N/A |
| Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI. | |||||
| CVE-2009-1412 | 2 Google, Microsoft | 2 Chrome, Internet Explorer | 2025-04-09 | 7.8 HIGH | N/A |
| Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. NOTE: this can be leveraged for Universal XSS by exploiting certain behavior involving persistence across page transitions. | |||||
| CVE-2007-3484 | 1 Google | 1 Custom Search Engine | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website. | |||||
| CVE-2009-3456 | 1 Google | 1 Chrome | 2025-04-09 | 7.5 HIGH | N/A |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||