CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1443 2003-04-11 2017-10-10
5.0
None Remote Low Not required Partial None None
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
2 CVE-2005-3678 20 DoS 2005-11-18 2017-07-11
5.0
None Remote Low Not required None None Partial
Google Talk before 1.0.0.76, with email notification enabled, allows remote attackers to cause a denial of service (connection reset) via email with a blank sender.
3 CVE-2005-3755 Dir. Trav. 2005-11-22 2018-10-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.
4 CVE-2005-3756 2005-11-22 2018-10-19
5.0
None Remote Low Not required Partial None None
Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports.
5 CVE-2005-3899 DoS 2005-11-29 2017-07-20
5.4
None Remote High Not required None None Complete
The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.
6 CVE-2006-5019 +Info 2006-09-27 2018-10-17
5.0
None Remote Low Not required Partial None None
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
7 CVE-2007-2378 2007-04-30 2008-11-13
5.0
None Remote Low Not required Partial None None
The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
8 CVE-2007-4847 2007-09-12 2008-11-15
5.0
None Remote Low Not required Partial None None
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
9 CVE-2007-6212 22 Dir. Trav. 2007-12-04 2017-09-29
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
10 CVE-2008-6996 DoS 2009-08-19 2018-10-11
5.0
None Remote Low Not required None None Partial
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.
11 CVE-2008-7246 399 DoS 2009-09-18 2018-10-11
5.0
None Remote Low Not required None None Partial
Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
12 CVE-2008-7294 264 2011-08-09 2012-08-02
5.8
None Remote Medium Not required None Partial Partial
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
13 CVE-2008-7298 264 2011-08-09 2012-08-02
5.8
None Remote Medium Not required None Partial Partial
The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
14 CVE-2009-0276 Bypass 2009-02-03 2009-02-04
5.0
None Remote Low Not required Partial None None
Cross-domain vulnerability in the V8 JavaScript engine in Google Chrome before 1.0.154.46 allows remote attackers to bypass the Same Origin Policy via a crafted script that accesses another frame and reads its full URL and possibly other sensitive information, or modifies the URL of this frame.
15 CVE-2009-0411 264 +Info 2009-02-03 2017-08-08
5.0
None Remote Low Not required Partial None None
Google Chrome before 1.0.154.46 does not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls and other web script.
16 CVE-2009-1514 399 DoS 2009-05-04 2017-09-29
5.0
None Remote Low Not required None None Partial
Google Chrome 1.0.154.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a throw statement with a long exception value.
17 CVE-2009-2060 287 2009-06-15 2017-08-17
5.8
None Remote Medium Not required Partial Partial None
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
18 CVE-2009-2578 119 DoS Overflow 2009-07-22 2018-10-10
5.0
None Remote Low Not required None None Partial
Google Chrome 2.x through 2.0.172 allows remote attackers to cause a denial of service (application crash) via a long Unicode string argument to the write method, a related issue to CVE-2009-2479.
19 CVE-2009-2656 DoS 2009-08-03 2017-09-15
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.
20 CVE-2009-2955 20 DoS 2009-08-24 2018-10-10
5.0
None Remote Low Not required None None Partial
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
21 CVE-2009-2974 DoS 2009-08-27 2009-08-28
5.0
None Remote Low Not required None None Partial
Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property.
22 CVE-2009-3268 399 DoS 2009-09-18 2018-10-10
5.0
None Remote Low Not required None None Partial
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
23 CVE-2010-0315 2010-01-14 2017-09-19
5.0
None Remote Low Not required Partial None None
WebKit before r53607, as used in Google Chrome before 4.0.249.89, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
24 CVE-2010-0660 200 +Info 2010-02-18 2017-09-19
5.0
None Remote Low Not required Partial None None
Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging.
25 CVE-2010-0662 189 DoS Overflow 2010-02-18 2017-09-19
5.0
None Remote Low Not required None None Partial
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not use the correct variables in calculations designed to prevent integer overflows, which allows attackers to leverage renderer access to cause a denial of service or possibly have unspecified other impact via bitmap data, related to deserialization.
26 CVE-2010-0663 200 +Info 2010-02-18 2017-09-19
5.0
None Remote Low Not required Partial None None
The ParamTraits<SkBitmap>::Read function in common/common_param_traits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data, related to use of a (1) thumbnail database or (2) HTML canvas.
27 CVE-2010-0664 399 DoS 2010-02-18 2017-09-19
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the ChildProcessSecurityPolicy::CanRequestURL function in browser/child_process_security_policy.cc in Google Chrome before 4.0.249.78 allows remote attackers to cause a denial of service (memory consumption and application crash) via a URL that specifies multiple protocols, as demonstrated by a URL that begins with many repetitions of the view-source: substring.
28 CVE-2010-1029 399 2 DoS Exec Code 2010-03-19 2019-09-26
5.0
None Remote Low Not required None None Partial
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.
29 CVE-2010-1232 399 DoS 2010-04-01 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 4.1.249.1036 allows remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via a malformed SVG document.
30 CVE-2010-1664 119 DoS Overflow Mem. Corr. 2010-05-03 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 4.1.249.1064 does not properly handle HTML5 media, which allows remote attackers to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors.
31 CVE-2010-1992 399 DoS 2010-05-20 2018-10-10
5.0
None Remote Low Not required None None Partial
Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.
32 CVE-2010-2652 DoS 2010-07-06 2020-08-07
5.0
None Remote Low Not required None None Partial
Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
33 CVE-2010-2899 +Info 2010-07-28 2020-08-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the layout implementation in Google Chrome before 5.0.375.125 allows remote attackers to obtain sensitive information from process memory via unknown vectors.
34 CVE-2010-3115 2010-08-24 2020-08-04
5.0
None Remote Low Not required None Partial None
Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not properly implement the history feature, which might allow remote attackers to spoof the address bar via unspecified vectors.
35 CVE-2010-3118 200 +Info 2010-08-24 2020-08-04
5.0
None Remote Low Not required Partial None None
The autosuggest feature in the Omnibox implementation in Google Chrome before 5.0.375.127 does not anticipate entry of passwords, which might allow remote attackers to obtain sensitive information by reading the network traffic generated by this feature.
36 CVE-2010-3248 2010-09-07 2020-08-03
5.0
None Remote Low Not required None Partial None
Google Chrome before 6.0.472.53 does not properly restrict copying to the clipboard, which has unspecified impact and attack vectors.
37 CVE-2010-3250 2010-09-07 2020-08-03
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Google Chrome before 6.0.472.53 allows remote attackers to enumerate the set of installed extensions via unknown vectors.
38 CVE-2010-3413 DoS 2010-09-16 2020-07-31
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the pop-up blocking functionality in Google Chrome before 6.0.472.59 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
39 CVE-2010-3417 200 +Info 2010-09-16 2020-07-31
5.0
None Remote Low Not required Partial None None
Google Chrome before 6.0.472.59 does not prompt the user before granting access to the extension history, which allows attackers to obtain potentially sensitive information via unspecified vectors.
40 CVE-2010-4033 2010-10-21 2017-09-19
5.0
None Remote Low Not required None Partial None
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
41 CVE-2010-4038 404 DoS 2010-10-21 2020-07-31
5.0
None Remote Low Not required None None Partial
The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
42 CVE-2010-4482 Bypass 2010-12-07 2017-09-19
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Google Chrome before 8.0.552.215 allows remote attackers to bypass the pop-up blocker via unknown vectors.
43 CVE-2010-4484 DoS 2010-12-07 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.215 does not properly handle HTML5 databases, which allows attackers to cause a denial of service (application crash) via unspecified vectors.
44 CVE-2010-4488 287 DoS 2010-12-07 2017-09-19
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.215 does not properly handle HTTP proxy authentication, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
45 CVE-2010-4576 476 DoS 2010-12-22 2020-07-29
5.0
None Remote Low Not required None None Partial
browser/worker_host/message_port_dispatcher.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle certain postMessage calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code that creates a web worker.
46 CVE-2010-4577 125 DoS 2010-12-22 2020-07-31
5.0
None Remote Low Not required None None Partial
The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit, as used in Google Chrome before 8.0.552.224, Chrome OS before 8.0.552.343, webkitgtk before 1.2.6, and other products does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to "Type Confusion."
47 CVE-2010-5073 264 +Info 2011-12-07 2017-09-19
5.0
None Remote Low Not required Partial None None
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070.
48 CVE-2011-0470 DoS 2011-01-14 2020-07-24
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle extensions notification, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.
49 CVE-2011-0483 704 DoS 2011-01-14 2020-07-24
5.0
None Remote Low Not required None None Partial
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly perform a cast of an unspecified variable during handling of video, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
50 CVE-2011-0680 2011-01-31 2017-08-17
5.0
None Remote Low Not required Partial None None
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service.
Total number of vulnerabilities : 642   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.