Google

All CVEs

11,327 total · sorted by risk
  • CVE-2008-6512 · Mar 24, 2009
    risk 0.00 · cvss · epss 0.05

    Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on…

  • CVE-2009-0608 · Feb 17, 2009
    risk 0.00 · cvss · epss 0.00

    Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.

  • CVE-2009-0607 · Feb 17, 2009
    risk 0.00 · cvss · epss 0.00

    Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.

  • CVE-2009-0606 · Feb 17, 2009
    risk 0.00 · cvss · epss 0.00

    The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by…

  • CVE-2009-0475 · Feb 11, 2009
    risk 0.00 · cvss · epss 0.02

    Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.

  • CVE-2009-0411 · Feb 3, 2009
    risk 0.00 · cvss · epss 0.01

    Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.

  • CVE-2009-0276 · Feb 3, 2009
    risk 0.00 · cvss · epss 0.01

    Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the…

  • CVE-2008-5915 · Jan 20, 2009
    risk 0.00 · cvss · epss 0.01

    An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an…

  • CVE-2008-4724 · Oct 23, 2008
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown;…

  • CVE-2008-3891 · Sep 3, 2008
    risk 0.00 · cvss · epss 0.01

    The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.

  • CVE-2007-6536 · Dec 27, 2007
    risk 0.00 · cvss · epss 0.01

    The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users…

  • CVE-2007-6452 · Dec 20, 2007
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).

  • CVE-2007-4847 · Sep 12, 2007
    risk 0.00 · cvss · epss 0.01

    Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.

  • CVE-2007-4823 · Sep 11, 2007
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.

  • CVE-2007-4824 · Sep 11, 2007
    risk 0.00 · cvss · epss 0.00

    Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.

  • CVE-2007-3150 · Jun 11, 2007
    risk 0.00 · cvss · epss 0.01

    Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is…

  • CVE-2007-2378 · Apr 30, 2007
    risk 0.00 · cvss · epss 0.01

    The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element…

  • CVE-2006-6223 · Dec 2, 2006
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.

  • CVE-2006-6182 · Dec 1, 2006
    risk 0.00 · cvss · epss 0.00

    The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file.

  • CVE-2005-3899 · Nov 29, 2005
    risk 0.00 · cvss · epss 0.01

    The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature…

  • CVE-2005-3869 · Nov 29, 2005
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.

  • CVE-2005-3756 · Nov 22, 2005
    risk 0.00 · cvss · epss 0.02

    Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.

  • CVE-2005-3755 · Nov 22, 2005
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.

  • CVE-2005-3754 · Nov 22, 2005
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the…

  • CVE-2005-3678 · Nov 18, 2005
    risk 0.00 · cvss · epss 0.01

    Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender.

  • CVE-2002-1443 · Apr 11, 2003
    risk 0.00 · cvss · epss 0.01

    The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.

  • CVE-2002-1442 · Apr 11, 2003
    risk 0.00 · cvss · epss 0.01

    The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the…

Page 227 of 227