Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Google Subscribe
Total 10294 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4909 1 Google 2 Android, Chrome 2012-09-14 4.3 MEDIUM N/A
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
CVE-2012-4908 1 Google 2 Android, Chrome 2012-09-14 7.5 HIGH N/A
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
CVE-2012-4907 1 Google 2 Android, Chrome 2012-09-14 9.3 HIGH N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
CVE-2012-4906 1 Google 2 Android, Chrome 2012-09-14 5.0 MEDIUM N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
CVE-2012-4905 1 Google 2 Android, Chrome 2012-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
CVE-2012-4904 1 Google 2 Android, Chrome 2012-09-14 4.3 MEDIUM N/A
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
CVE-2012-4903 1 Google 2 Android, Chrome 2012-09-13 5.0 MEDIUM N/A
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.
CVE-2012-3483 1 Google 1 Tunnelblick 2012-08-26 6.2 MEDIUM N/A
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
CVE-2012-3484 1 Google 1 Tunnelblick 2012-08-26 7.2 HIGH N/A
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share.
CVE-2012-3486 1 Google 1 Tunnelblick 2012-08-26 6.9 MEDIUM N/A
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event.
CVE-2012-3487 1 Google 1 Tunnelblick 2012-08-26 1.2 LOW N/A
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process.
CVE-2012-4676 1 Google 1 Tunnelblick 2012-08-26 1.2 LOW N/A
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485.
CVE-2012-4677 1 Google 1 Tunnelblick 2012-08-26 4.4 MEDIUM N/A
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
CVE-2012-2674 1 Google 1 Bionic 2012-08-23 4.3 MEDIUM N/A
Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
CVE-2012-4007 2 Google, Mixi 2 Android, Mixi 2012-08-19 4.3 MEDIUM N/A
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.
CVE-2012-2859 2 Google, Linux 2 Chrome, Linux Kernel 2012-08-07 7.5 HIGH N/A
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2012-2846 2 Google, Linux 2 Chrome, Linux Kernel 2012-08-06 5.0 MEDIUM N/A
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors.
CVE-2008-7294 1 Google 1 Chrome 2012-08-01 5.8 MEDIUM N/A
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2008-7298 2 Android, Google 2 Android Browser, Android 2012-08-01 5.8 MEDIUM N/A
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2012-2647 3 Apple, Google, Yahoo 3 Safari, Chrome, Toolbar 2012-07-31 5.8 MEDIUM N/A
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.