VYPR

Vendor CVEs

Google

All CVEs

11,327 total · sorted by risk
  • CVE-2012-2877Sep 26, 2012
    risk 0.00cvss epss 0.01

    The extension system in Google Chrome before 22.0.1229.79 does not properly handle modal dialogs, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2012-2876Sep 26, 2012
    risk 0.00cvss epss 0.01

    Buffer overflow in the SSE2 optimization functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2012-2875Sep 26, 2012
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document.

  • CVE-2012-2874Sep 26, 2012
    risk 0.00cvss epss 0.01

    Skia, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation, a different vulnerability than CVE-2012-2883.

  • CVE-2012-4930Sep 15, 2012
    risk 0.00cvss epss 0.02

    The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP…

  • CVE-2012-4929Sep 15, 2012
    risk 0.00cvss epss 0.04

    The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by…

  • CVE-2012-4360Sep 15, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-4001Sep 15, 2012
    risk 0.00cvss epss 0.01

    The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.

  • CVE-2012-4907Sep 13, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.

  • CVE-2012-4904Sep 13, 2012
    risk 0.00cvss epss 0.01

    Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.

  • CVE-2012-4903Sep 13, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.

  • CVE-2012-2872Aug 31, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-2871Aug 31, 2012
    risk 0.00cvss epss 0.02

    libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a…

  • CVE-2012-2870Aug 31, 2012
    risk 0.00cvss epss 0.02

    libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation,…

  • CVE-2012-2869Aug 31, 2012
    risk 0.00cvss epss 0.02

    Google Chrome before 21.0.1180.89 does not properly load URLs, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a "stale buffer."

  • CVE-2012-2868Aug 31, 2012
    risk 0.00cvss epss 0.01

    Race condition in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving improper interaction between worker processes and an XMLHttpRequest (aka XHR) object.

  • CVE-2012-2867Aug 31, 2012
    risk 0.00cvss epss 0.01

    The SPDY implementation in Google Chrome before 21.0.1180.89 allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

  • CVE-2012-2866Aug 31, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

  • CVE-2012-2865Aug 31, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

  • CVE-2012-3979Aug 29, 2012
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

  • CVE-2012-4677Aug 26, 2012
    risk 0.00cvss epss 0.00

    Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.

  • CVE-2012-4676Aug 26, 2012
    risk 0.00cvss epss 0.00

    The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.

  • CVE-2012-3487Aug 26, 2012
    risk 0.00cvss epss 0.00

    Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.

  • CVE-2012-3486Aug 26, 2012
    risk 0.00cvss epss 0.00

    Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.

  • CVE-2012-3484Aug 26, 2012
    risk 0.00cvss epss 0.00

    Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network…

  • CVE-2012-2864Aug 22, 2012
    risk 0.00cvss epss 0.05

    Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."

  • CVE-2012-2863Aug 9, 2012
    risk 0.00cvss epss 0.01

    The PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.

  • CVE-2012-2862Aug 9, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.75 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.

  • CVE-2012-2860Aug 6, 2012
    risk 0.00cvss epss 0.01

    The date-picker implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.

  • CVE-2012-2859Aug 6, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2012-2858Aug 6, 2012
    risk 0.00cvss epss 0.01

    Buffer overflow in the WebP decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted WebP image.

  • CVE-2012-2857Aug 6, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified…

  • CVE-2012-2856Aug 6, 2012
    risk 0.00cvss epss 0.01

    The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write…

  • CVE-2012-2855Aug 6, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted…

  • CVE-2012-2854Aug 6, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.

  • CVE-2012-2853Aug 6, 2012
    risk 0.00cvss epss 0.01

    The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other…

  • CVE-2012-2852Aug 6, 2012
    risk 0.00cvss epss 0.01

    The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly handle object linkage, which allows remote attackers to cause a denial of service (use-after-free) or possibly have…

  • CVE-2012-2851Aug 6, 2012
    risk 0.00cvss epss 0.01

    Multiple integer overflows in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted…

  • CVE-2012-2850Aug 6, 2012
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document.

  • CVE-2012-2849Aug 6, 2012
    risk 0.00cvss epss 0.01

    Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.

  • CVE-2012-2848Aug 6, 2012
    risk 0.00cvss epss 0.01

    The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site.

  • CVE-2012-2847Aug 6, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not request user confirmation before continuing a large series of downloads, which allows user-assisted remote attackers to cause a denial of service (resource…

  • CVE-2012-2846Aug 6, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.

  • CVE-2012-2674Jul 25, 2012
    risk 0.00cvss epss 0.01

    Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks…

  • CVE-2005-4895Jul 25, 2012
    risk 0.00cvss epss 0.01

    Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

  • CVE-2012-4050Jul 24, 2012
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.

  • CVE-2012-2844Jul 12, 2012
    risk 0.00cvss epss 0.02

    The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service (incorrect object access) or possibly have unspecified other impact via a crafted document.

  • CVE-2012-2843Jul 12, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout height tracking.

  • CVE-2012-2842Jul 12, 2012
    risk 0.00cvss epss 0.01

    Use-after-free vulnerability in Google Chrome before 20.0.1132.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to counter handling.

  • CVE-2012-2834Jun 27, 2012
    risk 0.00cvss epss 0.01

    Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.

Page 214 of 227