Filtered by vendor Google
Subscribe
Total
11891 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-0276 | 1 Google | 1 Chrome | 2023-12-10 | 5.0 MEDIUM | N/A |
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | |||||
CVE-2008-3891 | 1 Google | 1 Google Apps | 2023-12-10 | 7.5 HIGH | N/A |
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | |||||
CVE-2009-1690 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | |||||
CVE-2009-3011 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: the JavaScript executes outside of the context of the HTTP site. | |||||
CVE-2009-2556 | 1 Google | 1 Chrome | 2023-12-10 | 9.3 HIGH | N/A |
Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||||
CVE-2007-4847 | 1 Google | 1 Picasa | 2023-12-10 | 5.0 MEDIUM | N/A |
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||||
CVE-2007-6536 | 1 Google | 1 Toolbar | 2023-12-10 | 6.8 MEDIUM | N/A |
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com. | |||||
CVE-2006-5019 | 1 Google | 1 Mini Search Appliance | 2023-12-10 | 5.0 MEDIUM | N/A |
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. | |||||
CVE-2008-0986 | 1 Google | 1 Android Sdk | 2023-12-10 | 7.5 HIGH | N/A |
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | |||||
CVE-2007-1085 | 1 Google | 1 Desktop | 2023-12-10 | 7.6 HIGH | N/A |
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. | |||||
CVE-2008-0985 | 1 Google | 1 Android Sdk | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width. | |||||
CVE-2007-6452 | 1 Google | 1 Web Toolkit | 2023-12-10 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||||
CVE-2006-7157 | 1 Google | 1 Earth | 2023-12-10 | 7.1 HIGH | N/A |
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element. | |||||
CVE-2007-3150 | 1 Google | 1 Desktop | 2023-12-10 | 9.3 HIGH | N/A |
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file. | |||||
CVE-2007-4823 | 1 Google | 1 Picasa | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||||
CVE-2007-6212 | 1 Google | 1 Kml | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter. | |||||
CVE-2006-6223 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | |||||
CVE-2007-4824 | 1 Google | 1 Picasa | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||||
CVE-2007-5255 | 1 Google | 1 Mini Search Appliance | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | |||||
CVE-2005-3755 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. |