Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2008-09-03 CVE-2008-3891 Improper Authentication vulnerability in Google Apps
The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field.
network
low complexity
google CWE-287
7.5
2008-03-06 CVE-2008-0986 Numeric Errors vulnerability in Google Android SDK M5Rc14
Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field.
network
low complexity
google CWE-189
7.5
2008-03-06 CVE-2008-0985 Buffer Errors vulnerability in Google Android SDK M3Rc37A
Heap-based buffer overflow in the GIF library in the WebKit framework for Google Android SDK m3-rc37a and earlier allows remote attackers to execute arbitrary code via a crafted GIF file whose logical screen height and width are different than the actual height and width.
network
google CWE-119
6.8
2007-12-27 CVE-2007-6536 Information Exposure vulnerability in Google Toolbar 4/5
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier for remote attackers to spoof domain names and trick users into installing malicious button XML files, as demonstrated by presenting www.google.com when the button was downloaded from an arbitrary site through an open redirector on www.google.com.
network
google CWE-200
6.8
2007-12-20 CVE-2007-6452 Cross-Site Scripting vulnerability in Google web Toolkit 1.4.60
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
network
google CWE-79
4.3
2007-12-04 CVE-2007-6212 Path Traversal vulnerability in Google KML 1.1
Directory traversal vulnerability in region.php in KML share 1.1 allows remote attackers to read arbitrary files via a ..
network
low complexity
google CWE-22
5.0
2007-10-06 CVE-2007-5255 Cross-Site Scripting vulnerability in Google Mini Search Appliance 3.4.14
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI.
network
google CWE-79
4.3
2007-09-12 CVE-2007-4847 Remote Security vulnerability in Picasa
Google Picasa allows remote attackers to read image files stored by Picasa via unspecified vectors involving a picasa:// URI.
network
low complexity
google
5.0
2007-09-11 CVE-2007-4824 Remote Security vulnerability in Picasa
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact.
network
google
6.8
2007-09-11 CVE-2007-4823 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Picasa
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact.
network
low complexity
google CWE-119
7.5