Export limit exceeded: 13818 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13818 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-4724 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-3268 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828. | ||||
| CVE-2009-1414 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors. | ||||
| CVE-2009-2578 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479. | ||||
| CVE-2008-6998 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link. | ||||
| CVE-2010-0315 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. | ||||
| CVE-2009-0374 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue. | ||||
| CVE-2009-3264 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document. | ||||
| CVE-2009-1690 | 3 Apple, Google, Redhat | 4 Iphone Os, Safari, Chrome and 1 more | 2025-04-09 | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | ||||
| CVE-2007-4823 | 1 Google | 1 Picasa | 2025-04-09 | N/A |
| Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. | ||||
| CVE-2008-6997 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action. | ||||
| CVE-2008-6995 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI. | ||||
| CVE-2009-2656 | 1 Google | 1 Android | 2025-04-09 | N/A |
| Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009. | ||||
| CVE-2009-2348 | 1 Google | 1 Android | 2025-04-09 | N/A |
| Android 1.5 CRBxx allows local users to bypass the (1) Manifest.permission.CAMERA (aka android.permission.CAMERA) and (2) Manifest.permission.AUDIO_RECORD (aka android.permission.RECORD_AUDIO) configuration settings by installing and executing an application that does not make a permission request before using the camera or microphone. | ||||
| CVE-2008-6512 | 1 Google | 1 Gears | 2025-04-09 | N/A |
| Cross-domain vulnerability in the WorkerPool API in Google Gears before 0.5.4.2 allows remote attackers to bypass the Same Origin Policy and the intended access restrictions of the allowCrossOrigin function by hosting an assumed-safe file type containing Google Gear commands on the target domain, then accessing that file from the attacking domain, whose response headers are not checked and cause the worker code to run in the target domain. | ||||
| CVE-2008-5915 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-2352 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta are also affected. | ||||
| CVE-2009-3263 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML "active content." | ||||
| CVE-2006-5019 | 1 Google | 1 Mini Search Appliance | 2025-04-09 | N/A |
| Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. | ||||
| CVE-2008-4340 | 1 Google | 1 Chrome | 2025-04-09 | N/A |
| Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function. | ||||