Filtered by vendor Google
Subscribe
Total
12852 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4198 | 3 Fedoraproject, Google, Webkitgtk | 3 Fedora, Chrome, Webkitgtk | 2025-04-11 | 6.8 MEDIUM | 8.8 HIGH |
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document. | |||||
CVE-2011-3881 | 2 Apple, Google | 4 Iphone Os, Safari, Android and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. | |||||
CVE-2011-3927 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2011-1801 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Google Chrome before 11.0.696.71 allows remote attackers to bypass the pop-up blocker via unknown vectors. | |||||
CVE-2011-3887 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | |||||
CVE-2010-3639 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | |||||
CVE-2013-2870 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 9.3 HIGH | N/A |
Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request. | |||||
CVE-2013-0835 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors. | |||||
CVE-2012-4221 | 1 Google | 1 Android | 2025-04-11 | 6.8 MEDIUM | N/A |
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call. | |||||
CVE-2011-4213 | 1 Google | 1 App Engine Python Sdk | 2025-04-11 | 7.2 HIGH | N/A |
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | |||||
CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | |||||
CVE-2010-1665 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
Google Chrome before 4.1.249.1064 does not properly handle fonts, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors. | |||||
CVE-2012-1480 | 2 Google, Pansi | 2 Android, Pansi Sms | 2025-04-11 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application 1.97, 2.01, and 2.07 for Android has unknown impact and attack vectors. | |||||
CVE-2013-0843 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio. | |||||
CVE-2011-1203 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
CVE-2012-2889 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | |||||
CVE-2010-4040 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-11 | 6.8 MEDIUM | 7.8 HIGH |
Google Chrome before 7.0.517.41 does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image. | |||||
CVE-2011-3038 | 3 Apple, Google, Opensuse | 5 Iphone Os, Itunes, Safari and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling. | |||||
CVE-2013-0790 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | 10.0 HIGH | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. | |||||
CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2025-04-11 | 6.9 MEDIUM | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. |