Filtered by vendor Google
Subscribe
Search
Total
9554 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1381 | 2 Google, Netease | 2 Android, Netease Cloudalbum | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the NetEase CloudAlbum (com.netease.cloudalbum) application 2.0.0 and 2.2.0 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1386 | 2 Google, Youmail | 2 Android, Youmail Visual Voicemail Plus | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the YouMail Visual Voicemail Plus (com.youmail.android.vvm) application 2.0.45 and 2.1.43 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1387 | 2 Google, Uangel | 2 Android, Realtalk | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) application A.0.9.250 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1388 | 2 Google, Xixun | 2 Android, Xixuntiantian | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) application 0.6.2 beta for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1389 | 2 Google, Icekirin | 2 Android, Di Long Weibo | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) application 1.9.9 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1384 | 2 Google, Netease | 2 Android, Netease Pmail | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) application 0.5.0 and 0.5.2 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1390 | 2 Gomiso, Google | 2 Miso, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Miso (com.bazaarlabs.miso) application 2.2 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1385 | 2 Google, Netease | 2 Android, Netease Weibohd | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) application 1.0.0 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1391 | 2 Google, Mobisynapse | 2 Android, Moffice-outlook Sync | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1392 | 2 Dolphin-browser, Google | 2 Dolphin Browser Hd, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Dolphin Browser HD (mobi.mgeek.TunnyBrowser) application 6.2.0, 7.2.1, 7.3.0, and 7.4.0 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1393 | 2 Goforandroid, Google | 2 Go Sms Pro, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application 3.72, 4.10, and 4.35 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1407 | 2 Goforandroid, Google | 2 Go Message Widget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1394 | 2 Goforandroid, Google | 2 Go Email Widget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1395 | 2 Goforandroid, Google | 2 Go Twiwidget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO TwiWidget (com.gau.go.launcherex.gowidget.twitterwidget) application 1.7 and 2.1 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1396 | 2 Goforandroid, Google | 2 Go Fbwidget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1380 | 2 Google, Netease | 2 Android, Neteaseweibo | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) application 1.2.1 and 1.2.2 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1406 | 2 Goforandroid, Google | 2 Go Bookmark Widget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO Bookmark Widget (com.gau.go.launcherex.gowidget.bookmark) application 1.1 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1397 | 2 Goforandroid, Google | 2 Go Qqweibowidget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1405 | 2 Goforandroid, Google | 2 Go Note Widget, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the GO Note Widget (com.gau.go.launcherex.gowidget.notewidget) application 1.5 and 1.9 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1404 | 2 Dolphin-browser, Google | 2 Dolphin Browser Mini, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Dolphin Browser Mini (com.dolphin.browser) application 2.2 for Android has unknown impact and attack vectors. | |||||
| CVE-2012-1403 | 2 Dolphin-browser, Google | 2 Dolphin Browser Cn, Android | 2012-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Dolphin Browser CN (com.dolphin.browser.cn) application 6.3.1 and 7.2.1 for Android has unknown impact and attack vectors. | |||||
| CVE-2011-4865 | 2 Google, Tencent | 3 Android, Microblogpad, Wblog | 2012-02-29 | 5.8 MEDIUM | N/A |
| The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. | |||||
| CVE-2011-4864 | 2 Google, Tencent | 2 Android, Mobileqq | 2012-02-29 | 5.8 MEDIUM | N/A |
| The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application. | |||||
| CVE-2009-1754 | 1 Google | 1 Android | 2012-02-29 | 4.3 MEDIUM | N/A |
| The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted attackers to access application data by creating a package that specifies a shared user ID with an arbitrary application. | |||||
| CVE-2011-3874 | 1 Google | 1 Android | 2012-02-06 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong number of arguments, as demonstrated by zergRush to trigger a use-after-free error. | |||||
| CVE-2011-4276 | 1 Google | 1 Android | 2012-01-26 | 4.3 MEDIUM | N/A |
| The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer. | |||||
| CVE-2011-2170 | 1 Google | 1 Chrome Os | 2012-01-18 | 4.4 MEDIUM | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is enabled, does not prevent changes on the about:flags page, which has unspecified impact and local attack vectors. | |||||
| CVE-2011-2171 | 1 Google | 1 Chrome Os | 2012-01-18 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the dbugs package in Google Chrome OS before R12 0.12.433.38 Beta has unknown impact and attack vectors. | |||||
| CVE-2010-4804 | 1 Google | 1 Android | 2011-10-27 | 4.3 MEDIUM | N/A |
| The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/. | |||||
| CVE-2011-1840 | 2 Google, Martinicreations | 2 Android, Passmanlite Password Manager | 2011-09-22 | 2.1 LOW | N/A |
| The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access. | |||||
| CVE-2011-1001 | 1 Google | 1 Android Sdk | 2011-09-07 | 4.3 MEDIUM | N/A |
| dexdump in Android SDK before 2.3 does not properly perform structural verification, which allows user-assisted remote attackers to cause a denial of service (dexdump crash) and possibly execute arbitrary code via a malformed APK or dex file that calls a method using more arguments than the number of register that have been declared for that method. | |||||
| CVE-2010-0316 | 1 Google | 1 Google Sketchup | 2011-08-08 | 9.3 HIGH | N/A |
| Integer overflow in Google SketchUp before 7.1 M2 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via a crafted SKP file. | |||||
| CVE-2011-1339 | 1 Google | 1 Search Appliance | 2011-08-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Search Appliance before 5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-2344 | 1 Google | 1 Android | 2011-07-08 | 10.0 HIGH | N/A |
| Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. | |||||
| CVE-2011-2169 | 1 Google | 1 Chrome Os | 2011-05-25 | 7.2 HIGH | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | |||||
| CVE-2011-1149 | 1 Google | 1 Android | 2011-04-23 | 7.2 HIGH | N/A |
| Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK. | |||||
| CVE-2010-4212 | 2 Google, Usaa | 2 Android, Usaa | 2010-12-22 | 1.9 LOW | N/A |
| The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data. | |||||
| CVE-2010-4214 | 2 Google, Wellsfargo | 2 Android, Wells Fargo Mobile | 2010-11-09 | 4.3 MEDIUM | N/A |
| The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | |||||
| CVE-2010-4213 | 2 Bankofamerica, Google | 2 Bank Of America, Android | 2010-11-09 | 4.3 MEDIUM | N/A |
| The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data. | |||||
| CVE-2009-3932 | 1 Google | 1 Chrome | 2009-11-13 | 9.3 HIGH | N/A |
| The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state." | |||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2009-10-01 | 4.3 MEDIUM | N/A |
| The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | |||||
| CVE-2009-3456 | 1 Google | 1 Chrome | 2009-09-30 | 7.5 HIGH | N/A |
| Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2974 | 1 Google | 1 Chrome | 2009-08-28 | 5.0 MEDIUM | N/A |
| Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property. | |||||
| CVE-2009-2071 | 1 Google | 1 Chrome | 2009-06-23 | 6.8 MEDIUM | N/A |
| Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request. | |||||
| CVE-2009-1442 | 1 Google | 1 Chrome | 2009-05-19 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas. | |||||
| CVE-2009-0276 | 1 Google | 1 Chrome | 2009-02-04 | 5.0 MEDIUM | N/A |
| Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame. | |||||
| CVE-2007-4847 | 1 Google | 1 Picasa | 2008-11-15 | 5.0 MEDIUM | N/A |
| Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2007-4824 | 1 Google | 1 Picasa | 2008-11-15 | 6.8 MEDIUM | N/A |
| Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | |||||
| CVE-2007-3484 | 1 Google | 1 Custom Search Engine | 2008-11-15 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website." | |||||
| CVE-2007-3150 | 1 Google | 1 Desktop | 2008-11-15 | 9.3 HIGH | N/A |
| Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file. | |||||