Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Total 10294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-2632 1 Google 2 Chrome, V8 2013-04-08 6.8 MEDIUM N/A
Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by the Bejeweled game.
CVE-2013-0919 2 Google, Linux 2 Chrome, Linux Kernel 2013-04-02 7.5 HIGH N/A
Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging the presence of an extension that creates a pop-up window.
CVE-2012-3979 2 Google, Mozilla 4 Android, Firefox, Firefox Esr and 1 more 2013-03-25 6.8 MEDIUM N/A
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
CVE-2013-2493 1 Google 1 Chrome Frame 2013-03-07 4.3 MEDIUM N/A
The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allows user-assisted remote attackers to cause a denial of service (application crash) via an _blank value for the target attribute of an A element.
CVE-2013-0630 5 Adobe, Apple, Google and 2 more 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more 2013-03-05 10.0 HIGH N/A
Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2012-4016 2 Google, Justsystems 2 Android, Atok 2013-03-01 4.3 MEDIUM N/A
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.
CVE-2012-4017 2 Google, Jb\+ 2 Android, Jigbrowser\+ 2013-03-01 4.3 MEDIUM N/A
The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-5564 1 Google 1 Android Debug Bridge 2013-02-18 3.3 LOW N/A
android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.
CVE-2011-1352 1 Google 1 Android 2013-02-07 6.9 MEDIUM N/A
The PowerVR SGX driver in Android before 2.3.6 allows attackers to gain root privileges via an application that triggers kernel memory corruption using crafted user data to the pvrsrvkm device.
CVE-2013-0838 2 Google, Linux 2 Chrome, Linux Kernel 2013-02-06 7.5 HIGH N/A
Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.
CVE-2011-1350 1 Google 1 Android 2013-02-06 7.1 HIGH N/A
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
CVE-2013-0843 2 Apple, Google 2 Mac Os X, Chrome 2013-01-29 7.5 HIGH N/A
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio.
CVE-2012-4930 2 Google, Mozilla 2 Chrome, Firefox 2013-01-29 2.6 LOW N/A
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
CVE-2012-5155 2 Apple, Google 2 Mac Os X, Chrome 2013-01-15 5.0 MEDIUM N/A
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2012-1249 2 Google, Lunascape 2 Android, Ilunascape Android 2013-01-03 5.0 MEDIUM N/A
The iLunascape application 1.0.4.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive stored information via a crafted application.
CVE-2012-6301 1 Google 1 Android 2012-12-10 5.0 MEDIUM N/A
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
CVE-2012-6051 1 Google 1 Cityhash 2012-11-28 5.0 MEDIUM N/A
Google CityHash computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack.
CVE-2011-3109 2 Google, Linux 2 Chrome, Linux Kernel 2012-11-19 7.5 HIGH N/A
Google Chrome before 19.0.1084.52 on Linux does not properly perform a cast of an unspecified variable, which allows remote attackers to cause a denial of service or possibly have unknown other impact by leveraging an error in the GTK implementation of the UI.
CVE-2011-5238 1 Google 1 Checkout-php 2012-11-06 5.8 MEDIUM N/A
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2011-5037 1 Google 1 V8 2012-11-05 5.0 MEDIUM N/A
Google V8 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, as demonstrated by attacks against Node.js.