Vendor CVEs
All CVEs
11,329 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-2839 | 0.00 | — | 0.01 | Aug 29, 2011 | The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-2829 | 0.00 | — | 0.01 | Aug 29, 2011 | Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays. | |||
| CVE-2011-2828 | 0.00 | — | 0.01 | Aug 29, 2011 | Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | |||
| CVE-2011-2827 | 0.00 | — | 0.02 | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. | |||
| CVE-2011-2826 | 0.00 | — | 0.01 | Aug 29, 2011 | Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins. | |||
| CVE-2011-2825 | 0.00 | — | 0.02 | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. | |||
| CVE-2011-2824 | 0.00 | — | 0.01 | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes. | |||
| CVE-2011-2823 | 0.00 | — | 0.02 | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. | |||
| CVE-2011-2822 | 0.00 | — | 0.01 | Aug 29, 2011 | Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors. | |||
| CVE-2011-2821 | 0.00 | — | 0.02 | Aug 29, 2011 | Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. | |||
| CVE-2011-2806 | 0.00 | — | 0.02 | Aug 29, 2011 | Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2008-7298 | 0.00 | — | 0.01 | Aug 9, 2011 | The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict… | |||
| CVE-2008-7294 | 0.00 | — | 0.01 | Aug 9, 2011 | Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict… | |||
| CVE-2011-2819 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI. | |||
| CVE-2011-2818 | 0.00 | — | 0.01 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering. | |||
| CVE-2011-2805 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors. | |||
| CVE-2011-2804 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | |||
| CVE-2011-2803 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2011-2802 | 0.00 | — | 0.01 | Aug 3, 2011 | Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site. | |||
| CVE-2011-2801 | 0.00 | — | 0.01 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader. | |||
| CVE-2011-2800 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site. | |||
| CVE-2011-2799 | 0.00 | — | 0.02 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling. | |||
| CVE-2011-2798 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site. | |||
| CVE-2011-2797 | 0.00 | — | 0.02 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching. | |||
| CVE-2011-2796 | 0.00 | — | 0.01 | Aug 3, 2011 | Use-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-2795 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak." | |||
| CVE-2011-2794 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2011-2793 | 0.00 | — | 0.01 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors. | |||
| CVE-2011-2792 | 0.00 | — | 0.02 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal. | |||
| CVE-2011-2791 | 0.00 | — | 0.01 | Aug 3, 2011 | The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write. | |||
| CVE-2011-2790 | 0.00 | — | 0.02 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles. | |||
| CVE-2011-2789 | 0.00 | — | 0.01 | Aug 3, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in. | |||
| CVE-2011-2788 | 0.00 | — | 0.01 | Aug 3, 2011 | Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors. | |||
| CVE-2011-2787 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2011-2786 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element. | |||
| CVE-2011-2785 | 0.00 | — | 0.01 | Aug 3, 2011 | The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension. | |||
| CVE-2011-2784 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry. | |||
| CVE-2011-2783 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. | |||
| CVE-2011-2782 | 0.00 | — | 0.01 | Aug 3, 2011 | The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2011-2361 | 0.00 | — | 0.01 | Aug 3, 2011 | The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site. | |||
| CVE-2011-2360 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site. | |||
| CVE-2011-2359 | 0.00 | — | 0.02 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||
| CVE-2011-2358 | 0.00 | — | 0.01 | Aug 3, 2011 | Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. | |||
| CVE-2011-2747 | 0.00 | — | 0.04 | Jul 28, 2011 | Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file. | |||
| CVE-2011-1339 | 0.00 | — | 0.00 | Jul 28, 2011 | Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-2761 | 0.00 | — | 0.01 | Jul 18, 2011 | Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods. | |||
| CVE-2011-2344 | 0.00 | — | 0.01 | Jul 8, 2011 | Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with… | |||
| CVE-2011-1001 | 0.00 | — | 0.01 | Jul 8, 2011 | dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more… | |||
| CVE-2011-2599 | 0.00 | — | 0.01 | Jun 30, 2011 | Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. | |||
| CVE-2011-2351 | 0.00 | — | 0.02 | Jun 29, 2011 | Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements. |
- CVE-2011-2839Aug 29, 2011risk 0.00cvss —epss 0.01
The PDF implementation in Google Chrome before 13.0.782.215 on Linux does not properly use the memset library function, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-2829Aug 29, 2011risk 0.00cvss —epss 0.01
Integer overflow in Google Chrome before 13.0.782.215 on 32-bit platforms allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving uniform arrays.
- CVE-2011-2828Aug 29, 2011risk 0.00cvss —epss 0.01
Google V8, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
- CVE-2011-2827Aug 29, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
- CVE-2011-2826Aug 29, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.215 allows remote attackers to bypass the Same Origin Policy via vectors related to empty origins.
- CVE-2011-2825Aug 29, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
- CVE-2011-2824Aug 29, 2011risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes.
- CVE-2011-2823Aug 29, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
- CVE-2011-2822Aug 29, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.215 on Windows does not properly parse URLs located on the command line, which has unspecified impact and attack vectors.
- CVE-2011-2821Aug 29, 2011risk 0.00cvss —epss 0.02
Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
- CVE-2011-2806Aug 29, 2011risk 0.00cvss —epss 0.02
Google Chrome before 13.0.782.215 on Windows does not properly handle vertex data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2008-7298Aug 9, 2011risk 0.00cvss —epss 0.01
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict…
- CVE-2008-7294Aug 9, 2011risk 0.00cvss —epss 0.01
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict…
- CVE-2011-2819Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.
- CVE-2011-2818Aug 3, 2011risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.
- CVE-2011-2805Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy and conduct script injection attacks via unspecified vectors.
- CVE-2011-2804Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not properly handle nested functions in PDF documents, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document.
- CVE-2011-2803Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not properly handle Skia paths, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-2802Aug 3, 2011risk 0.00cvss —epss 0.01
Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site.
- CVE-2011-2801Aug 3, 2011risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the frame loader.
- CVE-2011-2800Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.
- CVE-2011-2799Aug 3, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to HTML range handling.
- CVE-2011-2798Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.
- CVE-2011-2797Aug 3, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to resource caching.
- CVE-2011-2796Aug 3, 2011risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Skia, as used in Google Chrome before 13.0.782.107, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-2795Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."
- CVE-2011-2794Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not properly perform text iteration, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-2793Aug 3, 2011risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to media selectors.
- CVE-2011-2792Aug 3, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to float removal.
- CVE-2011-2791Aug 3, 2011risk 0.00cvss —epss 0.01
The International Components for Unicode (ICU) functionality in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
- CVE-2011-2790Aug 3, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles.
- CVE-2011-2789Aug 3, 2011risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to instantiation of the Pepper plug-in.
- CVE-2011-2788Aug 3, 2011risk 0.00cvss —epss 0.01
Buffer overflow in the inspector serialization functionality in Google Chrome before 13.0.782.107 allows user-assisted remote attackers to have an unspecified impact via unknown vectors.
- CVE-2011-2787Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
- CVE-2011-2786Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not ensure that the speech-input bubble is shown on the product's screen, which might make it easier for remote attackers to make audio recordings via a crafted web page containing an INPUT element.
- CVE-2011-2785Aug 3, 2011risk 0.00cvss —epss 0.01
The extensions implementation in Google Chrome before 13.0.782.107 does not properly validate the URL for the home page, which allows remote attackers to have an unspecified impact via a crafted extension.
- CVE-2011-2784Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.
- CVE-2011-2783Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not ensure that developer-mode NPAPI extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
- CVE-2011-2782Aug 3, 2011risk 0.00cvss —epss 0.01
The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
- CVE-2011-2361Aug 3, 2011risk 0.00cvss —epss 0.01
The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site.
- CVE-2011-2360Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via a crafted web site.
- CVE-2011-2359Aug 3, 2011risk 0.00cvss —epss 0.02
Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
- CVE-2011-2358Aug 3, 2011risk 0.00cvss —epss 0.01
Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension.
- CVE-2011-2747Jul 28, 2011risk 0.00cvss —epss 0.04
Google Picasa before 3.6 Build 105.67 does not properly handle invalid properties in JPEG images, which allows remote attackers to execute arbitrary code via a crafted image file.
- CVE-2011-1339Jul 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-2761Jul 18, 2011risk 0.00cvss —epss 0.01
Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.
- CVE-2011-2344Jul 8, 2011risk 0.00cvss —epss 0.01
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with…
- CVE-2011-1001Jul 8, 2011risk 0.00cvss —epss 0.01
dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more…
- CVE-2011-2599Jun 30, 2011risk 0.00cvss —epss 0.01
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.
- CVE-2011-2351Jun 29, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
Page 220 of 227