Vendor CVEs
All CVEs
10,945 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2935 | 0.00 | — | 0.05 | Aug 27, 2009 | Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. | |||
| CVE-2009-2955 | 0.00 | — | 0.01 | Aug 24, 2009 | Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||
| CVE-2009-2656 | 0.00 | — | 0.01 | Aug 3, 2009 | Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009. | |||
| CVE-2009-2578 | 0.00 | — | 0.01 | Jul 22, 2009 | Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | |||
| CVE-2009-2556 | 0.00 | — | 0.02 | Jul 21, 2009 | Google Chrome before 2.0.172.37 allows attackers to leverage renderer access to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger excessive memory allocation. | |||
| CVE-2009-2555 | 0.00 | — | 0.03 | Jul 21, 2009 | Heap-based buffer overflow in src/jsregexp.cc in Google V8 before 1.1.10.14, as used in Google Chrome before 2.0.172.37, allows remote attackers to execute arbitrary code in the Chrome sandbox via a crafted JavaScript regular expression. | |||
| CVE-2009-2348 | 0.00 | — | 0.00 | Jul 17, 2009 | Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a… | |||
| CVE-2009-2121 | 0.00 | — | 0.02 | Jun 23, 2009 | Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response. | |||
| CVE-2009-2071 | 0.00 | — | 0.01 | Jun 15, 2009 | Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site… | |||
| CVE-2009-2068 | 0.00 | — | 0.01 | Jun 15, 2009 | Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script… | |||
| CVE-2009-2060 | 0.00 | — | 0.01 | Jun 15, 2009 | src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web… | |||
| CVE-2009-1754 | 0.00 | — | 0.01 | May 26, 2009 | The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote… | |||
| CVE-2009-1598 | 0.00 | — | 0.02 | May 11, 2009 | Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document… | |||
| CVE-2009-1442 | 0.00 | — | 0.02 | May 7, 2009 | Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. | |||
| CVE-2009-1441 | 0.00 | — | 0.02 | May 7, 2009 | Heap-based buffer overflow in the ParamTraits::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that… | |||
| CVE-2009-1414 | 0.00 | — | 0.00 | Apr 24, 2009 | Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. | |||
| CVE-2009-1413 | 0.00 | — | 0.01 | Apr 24, 2009 | Google Chrome 1.0.x does not cancel timeouts upon a page transition, which makes it easier for attackers to conduct Universal XSS attacks by calling setTimeout to trigger future execution of JavaScript code, and then modifying document.location to arrange for JavaScript… | |||
| CVE-2009-1412 | 0.00 | — | 0.01 | Apr 24, 2009 | Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction,… | |||
| CVE-2008-6512 | 0.00 | — | 0.05 | Mar 24, 2009 | Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on… | |||
| CVE-2009-0608 | 0.00 | — | 0.00 | Feb 17, 2009 | Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines. | |||
| CVE-2009-0607 | 0.00 | — | 0.00 | Feb 17, 2009 | Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions. | |||
| CVE-2009-0606 | 0.00 | — | 0.00 | Feb 17, 2009 | The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by… | |||
| CVE-2009-0475 | 0.00 | — | 0.02 | Feb 11, 2009 | Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption. | |||
| CVE-2009-0411 | 0.00 | — | 0.01 | Feb 3, 2009 | Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | |||
| CVE-2009-0276 | 0.00 | — | 0.01 | Feb 3, 2009 | Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the… | |||
| CVE-2008-5915 | 0.00 | — | 0.01 | Jan 20, 2009 | An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an… | |||
| CVE-2008-4724 | 0.00 | — | 0.01 | Oct 23, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown;… | |||
| CVE-2008-3891 | 0.00 | — | 0.01 | Sep 3, 2008 | The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | |||
| CVE-2007-6536 | 0.00 | — | 0.01 | Dec 27, 2007 | The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users… | |||
| CVE-2007-6452 | 0.00 | — | 0.01 | Dec 20, 2007 | Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||
| CVE-2007-4847 | 0.00 | — | 0.01 | Sep 12, 2007 | Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4823 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4824 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-3150 | 0.00 | — | 0.01 | Jun 11, 2007 | Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is… | |||
| CVE-2007-2378 | 0.00 | — | 0.01 | Apr 30, 2007 | The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element… | |||
| CVE-2006-6223 | 0.00 | — | 0.03 | Dec 2, 2006 | Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | |||
| CVE-2006-6182 | 0.00 | — | 0.00 | Dec 1, 2006 | The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | |||
| CVE-2005-3899 | 0.00 | — | 0.01 | Nov 29, 2005 | The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature… | |||
| CVE-2005-3869 | 0.00 | — | 0.03 | Nov 29, 2005 | Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. | |||
| CVE-2005-3754 | 0.00 | — | 0.02 | Nov 22, 2005 | Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the… | |||
| CVE-2005-3756 | 0.00 | — | 0.02 | Nov 22, 2005 | Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports. | |||
| CVE-2005-3755 | 0.00 | — | 0.04 | Nov 22, 2005 | Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. | |||
| CVE-2005-3678 | 0.00 | — | 0.01 | Nov 18, 2005 | Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. | |||
| CVE-2002-1442 | 0.00 | — | 0.01 | Apr 11, 2003 | The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the… | |||
| CVE-2002-1443 | 0.00 | — | 0.01 | Apr 11, 2003 | The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. |