Vulnerabilities > Google > Medium

DATE CVE VULNERABILITY TITLE RISK

2012-11-15 CVE-2012-5851 Cross-Site Scripting vulnerability in multiple products
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
network
apple google CWE-79
4.3

2012-11-06 CVE-2011-5238 Improper Input Validation vulnerability in Google Checkout-PHP
google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
google CWE-20
5.8

2012-11-04 CVE-2012-5820 Improper Input Validation vulnerability in Google Admob
The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
network
google CWE-20
5.8

2012-10-10 CVE-2012-3987 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
network
high complexity
mozilla google CWE-264
4.0

2012-09-28 CVE-2012-4017 Code Injection vulnerability in Jb+ Jigbrowser+ 1.0.5/1.5.0/1.5.5
The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
network
google jb CWE-94
4.3

2012-09-28 CVE-2012-4016 Permissions, Privileges, and Access Controls vulnerability in Justsystems Atok
The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.
4.3

2012-09-15 CVE-2012-4360 Cross-Site Scripting vulnerability in Google MOD Pagespeed 0.10.19.1/0.10.22.4
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
google apache CWE-79
4.3

2012-09-15 CVE-2012-4001 Improper Input Validation vulnerability in Google MOD Pagespeed
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
network
low complexity
google apache CWE-20
5.0

2012-09-13 CVE-2012-4909 Information Exposure vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
network
google CWE-200
4.3

2012-09-13 CVE-2012-4906 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
network
low complexity
google CWE-264
5.0