Vulnerabilities > Google > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-11-15 | CVE-2012-5851 | Cross-Site Scripting vulnerability in multiple products html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108. | 4.3 |
2012-11-06 | CVE-2011-5238 | Improper Input Validation vulnerability in Google Checkout-PHP google-checkout-php-sample-code before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-11-04 | CVE-2012-5820 | Improper Input Validation vulnerability in Google Admob The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 5.8 |
2012-10-10 | CVE-2012-3987 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | 4.0 |
2012-09-28 | CVE-2012-4017 | Code Injection vulnerability in Jb+ Jigbrowser+ 1.0.5/1.5.0/1.5.5 The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2012-09-28 | CVE-2012-4016 | Permissions, Privileges, and Access Controls vulnerability in Justsystems Atok The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | 4.3 |
2012-09-15 | CVE-2012-4360 | Cross-Site Scripting vulnerability in Google MOD Pagespeed 0.10.19.1/0.10.22.4 Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-09-15 | CVE-2012-4001 | Improper Input Validation vulnerability in Google MOD Pagespeed The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers. | 5.0 |
2012-09-13 | CVE-2012-4909 | Information Exposure vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | 4.3 |
2012-09-13 | CVE-2012-4906 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | 5.0 |