Filtered by vendor Google
Subscribe
Total
11977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0646 | 5 Adobe, Apple, Google and 2 more | 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more | 2014-03-26 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2014-03-20 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | |||||
| CVE-2012-0322 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2014-03-20 | 4.3 MEDIUM | N/A |
| The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function. | |||||
| CVE-2014-1979 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2014-03-20 | 6.8 MEDIUM | N/A |
| The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. | |||||
| CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2014-03-20 | 4.3 MEDIUM | N/A |
| The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2014-03-20 | 4.3 MEDIUM | N/A |
| The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2013-4710 | 1 Google | 1 Android | 2014-03-10 | 9.3 HIGH | N/A |
| Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636. | |||||
| CVE-2013-6640 | 1 Google | 2 Chrome, V8 | 2014-03-06 | 7.5 HIGH | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. | |||||
| CVE-2013-6639 | 1 Google | 2 Chrome, V8 | 2014-03-06 | 7.5 HIGH | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. | |||||
| CVE-2013-6637 | 1 Google | 1 Chrome | 2014-03-06 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 31.0.1650.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2013-6636 | 1 Google | 1 Chrome | 2014-03-06 | 4.3 MEDIUM | N/A |
| The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors involving the document.write method. | |||||
| CVE-2013-6634 | 1 Google | 1 Chrome | 2014-03-06 | 6.8 MEDIUM | N/A |
| The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code. | |||||
| CVE-2013-6631 | 1 Google | 1 Chrome | 2014-03-06 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call. | |||||
| CVE-2013-6642 | 1 Google | 2 Android, Chrome | 2014-02-25 | 5.0 MEDIUM | N/A |
| Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | |||||
| CVE-2013-6652 | 2 Google, Microsoft | 2 Chrome, Windows | 2014-02-24 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\?\ protection mechanism. | |||||
| CVE-2013-6166 | 1 Google | 1 Chrome | 2014-02-18 | 6.8 MEDIUM | N/A |
| Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. | |||||
| CVE-2014-0803 | 2 Google, Yuichiro Okuyama | 3 Android, Tetra Filer, Tetra Filer Free | 2014-01-13 | 5.8 MEDIUM | N/A |
| Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors. | |||||
| CVE-2013-6271 | 1 Google | 1 Android | 2013-12-18 | 8.8 HIGH | N/A |
| Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | |||||
| CVE-2013-6916 | 3 Cybozu, Google, Microsoft | 3 Garoon, Chrome, Internet Explorer | 2013-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-3485 | 1 Google | 1 Tunnelblick | 2013-12-13 | 7.2 HIGH | N/A |
| Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call. | |||||