Filtered by vendor Google
Subscribe
Total
10294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4909 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | |||||
CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2012-09-14 | 7.5 HIGH | N/A |
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||||
CVE-2012-4907 | 1 Google | 2 Android, Chrome | 2012-09-14 | 9.3 HIGH | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | |||||
CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2012-09-14 | 5.0 MEDIUM | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | |||||
CVE-2012-4905 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | |||||
CVE-2012-4904 | 1 Google | 2 Android, Chrome | 2012-09-14 | 4.3 MEDIUM | N/A |
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | |||||
CVE-2012-4903 | 1 Google | 2 Android, Chrome | 2012-09-13 | 5.0 MEDIUM | N/A |
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | |||||
CVE-2012-3483 | 1 Google | 1 Tunnelblick | 2012-08-26 | 6.2 MEDIUM | N/A |
Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file. | |||||
CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2012-08-26 | 7.2 HIGH | N/A |
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | |||||
CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2012-08-26 | 6.9 MEDIUM | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||||
CVE-2012-3487 | 1 Google | 1 Tunnelblick | 2012-08-26 | 1.2 LOW | N/A |
Race condition in Tunnelblick 3.3beta20 and earlier allows local users to kill unintended processes by waiting for a specific PID value to be assigned to a target process. | |||||
CVE-2012-4676 | 1 Google | 1 Tunnelblick | 2012-08-26 | 1.2 LOW | N/A |
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485. | |||||
CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2012-08-26 | 4.4 MEDIUM | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||||
CVE-2012-2674 | 1 Google | 1 Bionic | 2012-08-23 | 4.3 MEDIUM | N/A |
Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and (3) leak_memalign functions in libc/bionic/malloc_debug_leak.c in Bionic (libc) for Android, when libc.debug.malloc is set, make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. | |||||
CVE-2012-4007 | 2 Google, Mixi | 2 Android, Mixi | 2012-08-19 | 4.3 MEDIUM | N/A |
The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. | |||||
CVE-2012-2859 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-08-07 | 7.5 HIGH | N/A |
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2012-2846 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2012-08-06 | 5.0 MEDIUM | N/A |
Google Chrome before 21.0.1180.57 on Linux does not properly isolate renderer processes, which allows remote attackers to cause a denial of service (cross-process interference) via unspecified vectors. | |||||
CVE-2008-7294 | 1 Google | 1 Chrome | 2012-08-01 | 5.8 MEDIUM | N/A |
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2008-7298 | 2 Android, Google | 2 Android Browser, Android | 2012-08-01 | 5.8 MEDIUM | N/A |
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2012-2647 | 3 Apple, Google, Yahoo | 3 Safari, Chrome, Toolbar | 2012-07-31 | 5.8 MEDIUM | N/A |
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. |