Filtered by vendor Google
Subscribe
Total
11977 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3979 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2013-03-26 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. | |||||
| CVE-2013-2493 | 1 Google | 1 Chrome Frame | 2013-03-08 | 4.3 MEDIUM | N/A |
| The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application crash) via an _blank value for the target attribute of an A element. | |||||
| CVE-2013-0630 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2013-03-06 | 10.0 HIGH | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4017 | 2 Google, Jb\+ | 2 Android, Jigbrowser\+ | 2013-03-02 | 4.3 MEDIUM | N/A |
| The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-4016 | 2 Google, Justsystems | 2 Android, Atok | 2013-03-02 | 4.3 MEDIUM | N/A |
| The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | |||||
| CVE-2012-5564 | 1 Google | 1 Android Debug Bridge | 2013-02-19 | 3.3 LOW | N/A |
| android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log. | |||||
| CVE-2011-1352 | 1 Google | 1 Android | 2013-02-08 | 6.9 MEDIUM | N/A |
| The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device. | |||||
| CVE-2011-1350 | 1 Google | 1 Android | 2013-02-07 | 7.1 HIGH | N/A |
| The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. | |||||
| CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2013-01-30 | 2.6 LOW | N/A |
| The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | |||||
| CVE-2012-1249 | 2 Google, Lunascape | 2 Android, Ilunascape Android | 2013-01-04 | 5.0 MEDIUM | N/A |
| The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application. | |||||
| CVE-2012-6301 | 1 Google | 1 Android | 2012-12-11 | 5.0 MEDIUM | N/A |
| The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | |||||
| CVE-2012-6051 | 1 Google | 1 Cityhash | 2012-11-29 | 5.0 MEDIUM | N/A |
| Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack. | |||||
| CVE-2011-3109 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-11-20 | 7.5 HIGH | N/A |
| Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI. | |||||
| CVE-2011-5238 | 1 Google | 1 Checkout-php | 2012-11-06 | 5.8 MEDIUM | N/A |
| google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2011-5037 | 1 Google | 1 V8 | 2012-11-06 | 5.0 MEDIUM | N/A |
| Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js. | |||||
| CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | |||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2012-09-14 | 7.5 HIGH | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||||
| CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2012-09-14 | 9.3 HIGH | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | |||||
| CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2012-09-14 | 5.0 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | |||||
| CVE-2012-4905 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | |||||