Vendor CVEs
All CVEs
11,327 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6512 | 0.00 | — | 0.05 | Mar 24, 2009 | Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on… | |||
| CVE-2009-0608 | 0.00 | — | 0.00 | Feb 17, 2009 | Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines. | |||
| CVE-2009-0607 | 0.00 | — | 0.00 | Feb 17, 2009 | Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions. | |||
| CVE-2009-0606 | 0.00 | — | 0.00 | Feb 17, 2009 | The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by… | |||
| CVE-2009-0475 | 0.00 | — | 0.02 | Feb 11, 2009 | Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption. | |||
| CVE-2009-0411 | 0.00 | — | 0.01 | Feb 3, 2009 | Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script. | |||
| CVE-2009-0276 | 0.00 | — | 0.01 | Feb 3, 2009 | Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the… | |||
| CVE-2008-5915 | 0.00 | — | 0.01 | Jan 20, 2009 | An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an… | |||
| CVE-2008-4724 | 0.00 | — | 0.01 | Oct 23, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown;… | |||
| CVE-2008-3891 | 0.00 | — | 0.01 | Sep 3, 2008 | The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | |||
| CVE-2007-6536 | 0.00 | — | 0.01 | Dec 27, 2007 | The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users… | |||
| CVE-2007-6452 | 0.00 | — | 0.01 | Dec 20, 2007 | Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS). | |||
| CVE-2007-4847 | 0.00 | — | 0.01 | Sep 12, 2007 | Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4823 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-4824 | 0.00 | — | 0.00 | Sep 11, 2007 | Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||
| CVE-2007-3150 | 0.00 | — | 0.01 | Jun 11, 2007 | Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is… | |||
| CVE-2007-2378 | 0.00 | — | 0.01 | Apr 30, 2007 | The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element… | |||
| CVE-2006-6223 | 0.00 | — | 0.03 | Dec 2, 2006 | Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter. | |||
| CVE-2006-6182 | 0.00 | — | 0.00 | Dec 1, 2006 | The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | |||
| CVE-2005-3899 | 0.00 | — | 0.01 | Nov 29, 2005 | The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature… | |||
| CVE-2005-3869 | 0.00 | — | 0.03 | Nov 29, 2005 | Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. | |||
| CVE-2005-3756 | 0.00 | — | 0.02 | Nov 22, 2005 | Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports. | |||
| CVE-2005-3755 | 0.00 | — | 0.04 | Nov 22, 2005 | Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. | |||
| CVE-2005-3754 | 0.00 | — | 0.02 | Nov 22, 2005 | Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the… | |||
| CVE-2005-3678 | 0.00 | — | 0.01 | Nov 18, 2005 | Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender. | |||
| CVE-2002-1443 | 0.00 | — | 0.01 | Apr 11, 2003 | The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler. | |||
| CVE-2002-1442 | 0.00 | — | 0.01 | Apr 11, 2003 | The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the… |
- CVE-2008-6512Mar 24, 2009risk 0.00cvss —epss 0.05
Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on…
- CVE-2009-0608Feb 17, 2009risk 0.00cvss —epss 0.00
Integer overflow in the showLog function in fake_log_device.c in liblog in Open Handset Alliance Android 1.0 allows attackers to trigger a buffer overflow and possibly have unspecified other impact by sending a large number of input lines.
- CVE-2009-0607Feb 17, 2009risk 0.00cvss —epss 0.00
Multiple integer overflows in malloc_leak.c in Bionic in Open Handset Alliance Android 1.0 have unknown impact and attack vectors, related to the (1) chk_calloc and (2) leak_calloc functions.
- CVE-2009-0606Feb 17, 2009risk 0.00cvss —epss 0.00
The link_image function in linker/linker.c in the dynamic linker in Bionic in Open Handset Alliance Android 1.0 on the T-Mobile G1 phone does not properly handle file descriptors 0, 1, and 2 for a setgid program, which allows local users to create arbitrary files owned by…
- CVE-2009-0475Feb 11, 2009risk 0.00cvss —epss 0.02
Integer underflow in the Huffman decoding functionality (pvmp3_huffman_parsing.cpp) in OpenCORE 2.0 and earlier allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a crafted MP3 file that triggers heap corruption.
- CVE-2009-0411Feb 3, 2009risk 0.00cvss —epss 0.01
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
- CVE-2009-0276Feb 3, 2009risk 0.00cvss —epss 0.01
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the…
- CVE-2008-5915Jan 20, 2009risk 0.00cvss —epss 0.01
An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an…
- CVE-2008-4724Oct 23, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown;…
- CVE-2008-3891Sep 3, 2008risk 0.00cvss —epss 0.01
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
- CVE-2007-6536Dec 27, 2007risk 0.00cvss —epss 0.01
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users…
- CVE-2007-6452Dec 20, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
- CVE-2007-4847Sep 12, 2007risk 0.00cvss —epss 0.01
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
- CVE-2007-4823Sep 11, 2007risk 0.00cvss —epss 0.00
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
- CVE-2007-4824Sep 11, 2007risk 0.00cvss —epss 0.00
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
- CVE-2007-3150Jun 11, 2007risk 0.00cvss —epss 0.01
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is…
- CVE-2007-2378Apr 30, 2007risk 0.00cvss —epss 0.01
The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element…
- CVE-2006-6223Dec 2, 2006risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
- CVE-2006-6182Dec 1, 2006risk 0.00cvss —epss 0.00
The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file.
- CVE-2005-3899Nov 29, 2005risk 0.00cvss —epss 0.01
The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature…
- CVE-2005-3869Nov 29, 2005risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
- CVE-2005-3756Nov 22, 2005risk 0.00cvss —epss 0.02
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
- CVE-2005-3755Nov 22, 2005risk 0.00cvss —epss 0.04
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
- CVE-2005-3754Nov 22, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the…
- CVE-2005-3678Nov 18, 2005risk 0.00cvss —epss 0.01
Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender.
- CVE-2002-1443Apr 11, 2003risk 0.00cvss —epss 0.01
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
- CVE-2002-1442Apr 11, 2003risk 0.00cvss —epss 0.01
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the…
Page 227 of 227