Export limit exceeded: 23475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13816 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0927 | 1 Google | 1 Chrome Os | 2025-04-11 | N/A |
| Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c read_config implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGO_RC_FILE environment variable, which allows attackers to bypass intended access restrictions via crafted configuration data. | ||||
| CVE-2010-1807 | 4 Apple, Google, Redhat and 1 more | 4 Safari, Android, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation. | ||||
| CVE-2012-2887 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | N/A |
| Use-after-free vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving onclick events. | ||||
| CVE-2011-2357 | 1 Google | 1 Android | 2025-04-11 | N/A |
| Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain. | ||||
| CVE-2013-1369 | 6 Adobe, Apple, Google and 3 more | 8 Air, Air Sdk, Flash Player and 5 more | 2025-04-11 | N/A |
| Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373. | ||||
| CVE-2013-1375 | 6 Adobe, Apple, Google and 3 more | 10 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 7 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-1378 | 6 Adobe, Apple, Google and 3 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2025-04-11 | N/A |
| Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380. | ||||
| CVE-2013-6623 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout. | ||||
| CVE-2013-6639 | 2 Google, Redhat | 5 Chrome, V8, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. | ||||
| CVE-2013-6660 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site. | ||||
| CVE-2012-4360 | 2 Apache, Google | 2 Http Server, Mod Pagespeed | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0646 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. | ||||
| CVE-2010-0647 | 2 Apple, Google | 2 Webkit, Chrome | 2025-04-11 | N/A |
| WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence. | ||||
| CVE-2010-0662 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization. | ||||
| CVE-2012-1391 | 2 Google, Mobisynapse | 2 Android, Moffice-outlook Sync | 2025-04-11 | N/A |
| Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. | ||||
| CVE-2012-1394 | 2 Goforandroid, Google | 2 Go Email Widget, Android | 2025-04-11 | N/A |
| Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack vectors. | ||||
| CVE-2012-1407 | 2 Goforandroid, Google | 2 Go Message Widget, Android | 2025-04-11 | N/A |
| Unspecified vulnerability in the GO Message Widget (com.gau.go.launcherex.gowidget.smswidget) application 1.9, 2.1, and 2.3 for Android has unknown impact and attack vectors. | ||||
| CVE-2011-0984 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | N/A |
| Google Chrome before 9.0.597.94 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||||
| CVE-2011-0985 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | N/A |
| Google Chrome before 9.0.597.94 does not properly perform process termination upon memory exhaustion, which has unspecified impact and remote attack vectors. | ||||
| CVE-2011-1042 | 1 Google | 1 Chrome Os | 2025-04-11 | N/A |
| Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts. | ||||