Google

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-4724 1Google 1Chrome Apr 23, 2026 Oct 23, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT f...Show more Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome 0.2.149.30 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-4340 1Google 1Chrome Apr 23, 2026 Sep 30, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
CVE-2008-3891 1Google 1Google Apps Apr 23, 2026 Sep 3, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and...Show more The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.Show less
CVE-2008-0986 1Google 1Android Sdk Apr 23, 2026 Mar 6, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header...Show more Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.Show less
CVE-2008-0985 1Google 1Android Sdk Apr 23, 2026 Mar 6, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and w...Show more Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.Show less
CVE-2007-6536 1Google 1Toolbar Apr 23, 2026 Dec 27, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier...Show more The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.Show less
CVE-2007-6452 1Google 1Web Toolkit Apr 23, 2026 Dec 20, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
CVE-2007-6212 1Google 1Kml Apr 23, 2026 Dec 4, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the layer parameter.
CVE-2007-5255 1Google 1Mini Search Appliance Apr 23, 2026 Oct 6, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI.
CVE-2007-4847 1Google 1Picasa Apr 23, 2026 Sep 12, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI. NOTE: this information is based upon a vague pre-advisory.
CVE-2007-4824 1Google 1Picasa Apr 23, 2026 Sep 11, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
CVE-2007-4823 1Google 1Picasa Apr 23, 2026 Sep 11, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory.
CVE-2007-3484 1Google 1Custom Search Engine Apr 23, 2026 Jun 28, 2007 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Securi...Show more Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.Show less
CVE-2007-3150 1Google 1Desktop Apr 23, 2026 Jun 11, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a ww...Show more Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.Show less
CVE-2007-2378 1Google 1Web Toolkit Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the da...Show more The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."Show less
CVE-2006-7157 1Google 1Earth Apr 23, 2026 Mar 7, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
CVE-2007-1085 1Google 1Desktop Apr 23, 2026 Feb 23, 2007 N/A· v4 N/A· v3 7.6 HIGH· v2 Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulner...Show more Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.Show less
CVE-2006-6223 1Google 2Mini Search Appliance Search Appliance Apr 23, 2026 Dec 2, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
CVE-2006-5019 1Google 1Mini Search Appliance Apr 23, 2026 Sep 27, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
CVE-2005-3899 1Google 1Talk Apr 16, 2026 Nov 29, 2005 N/A· v4 N/A· v3 5.4 MEDIUM· v2 The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes l...Show more The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.Show less

Previous 1...684 685 686687688 Next