Vulnerabilities > Google > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-29 | CVE-2009-3456 | Cryptographic Issues vulnerability in Google Chrome Google Chrome, possibly 3.0.195.21 and earlier, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
| 2009-04-24 | CVE-2009-1412 | Information Exposure vulnerability in Google Chrome Argument injection vulnerability in the chromehtml: protocol handler in Google Chrome before 1.0.154.59, when invoked by Internet Explorer, allows remote attackers to determine the existence of files, and open tabs for URLs that do not satisfy the IsWebSafeScheme restriction, via a web page that sets document.location to a chromehtml: value, as demonstrated by use of a (1) javascript: or (2) data: URL. | 7.8 |
| 2008-09-03 | CVE-2008-3891 | Improper Authentication vulnerability in Google Apps The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field. | 7.5 |
| 2008-03-06 | CVE-2008-0986 | Numeric Errors vulnerability in Google Android SDK M5Rc14 Integer overflow in the BMP::readFromStream method in the libsgl.so library in Google Android SDK m3-rc37a and earlier, and m5-rc14, allows remote attackers to execute arbitrary code via a crafted BMP file with a header containing a negative offset field. | 7.5 |
| 2007-09-11 | CVE-2007-4823 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Picasa Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. | 7.5 |
| 2007-03-07 | CVE-2006-7157 | Buffer Errors vulnerability in Google Earth 4.0.2091 Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element. | 7.1 |
| 2007-02-23 | CVE-2007-1085 | Unspecified vulnerability in Google Desktop Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. | 7.6 |
| 2005-11-22 | CVE-2005-3757 | Remote vulnerability in Google Mini Search Appliance and Search Appliance The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec. | 7.5 |
| 2003-04-11 | CVE-2002-1442 | Unspecified vulnerability in Google Toolbar The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check. | 7.5 |