Search Results (15475 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6630 2 Google, Redhat 2 Chrome, Enterprise Linux 2025-04-11 N/A
The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48 and other products, does not set all elements of a certain Huffman value array during the reading of segments that follow Define Huffman Table (DHT) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
CVE-2013-6631 1 Google 1 Chrome 2025-04-11 N/A
Use-after-free vulnerability in the Channel::SendRTCPPacket function in voice_engine/channel.cc in libjingle in WebRTC, as used in Google Chrome before 31.0.1650.48 and other products, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger the absence of certain statistics initialization, leading to the skipping of a required DeRegisterExternalTransport call.
CVE-2013-6632 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 N/A
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
CVE-2013-6634 1 Google 1 Chrome 2025-04-11 N/A
The OneClickSigninHelper::ShowInfoBarIfPossible function in browser/ui/sync/one_click_signin_helper.cc in Google Chrome before 31.0.1650.63 uses an incorrect URL during realm validation, which allows remote attackers to conduct session fixation attacks and hijack web sessions by triggering improper sync after a 302 (aka Found) HTTP status code.
CVE-2014-0803 2 Google, Yuichiro Okuyama 3 Android, Tetra Filer, Tetra Filer Free 2025-04-11 N/A
Directory traversal vulnerability in the tetra filer application 2.3.1 and earlier for Android 4.0.3, tetra filer free application 2.3.1 and earlier for Android 4.0.3, tetra filer application 1.5.1 and earlier for Android before 4.0.3, and tetra filer free application 1.5.1 and earlier for Android before 4.0.3 allows attackers to overwrite or create arbitrary files via unspecified vectors.
CVE-2012-1391 2 Google, Mobisynapse 2 Android, Moffice-outlook Sync 2025-04-11 N/A
Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors.
CVE-2010-3246 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 6.0.472.53 does not properly handle the _blank value for the target attribute of unspecified elements, which allows remote attackers to bypass the pop-up blocker via unknown vectors.
CVE-2012-1398 2 Goforandroid, Google 2 Go Weibowidget, Android 2025-04-11 N/A
Unspecified vulnerability in the GO WeiboWidget (com.gau.go.launcherex.gowidget.weibowidget) application 2.4 for Android has unknown impact and attack vectors.
CVE-2012-1400 2 Google, Uplus 2 Android, U\+box 2.0 Pad 2025-04-11 N/A
Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors.
CVE-2010-3253 1 Google 1 Chrome 2025-04-11 N/A
The implementation of notification permissions in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2010-3252 1 Google 1 Chrome 2025-04-11 N/A
Use-after-free vulnerability in the Notifications presenter in Google Chrome before 6.0.472.53 allows attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2011-2357 1 Google 1 Android 2025-04-11 N/A
Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAX_TAB number of tabs to be opened, then loading a URI to the targeted domain into the current tab, or (2) making two startActivity function calls beginning with the targeted domain's URI followed by the malicious Javascript while the UI focus is still associated with the targeted domain.
CVE-2011-3970 4 Google, Redhat, Suse and 1 more 6 Chrome, Enterprise Linux, Linux Enterprise Desktop and 3 more 2025-04-11 N/A
libxslt, as used in Google Chrome before 17.0.963.46, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2010-3251 1 Google 1 Chrome 2025-04-11 N/A
The WebSockets implementation in Google Chrome before 6.0.472.53 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
CVE-2012-2859 2 Google, Linux 2 Chrome, Linux Kernel 2025-04-11 N/A
Google Chrome before 21.0.1180.57 on Linux does not properly handle tabs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2010-3254 1 Google 1 Chrome 2025-04-11 N/A
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-1397 2 Goforandroid, Google 2 Go Qqweibowidget, Android 2025-04-11 N/A
Unspecified vulnerability in the GO QQWeiboWidget (com.gau.go.launcherex.gowidget.qqweibowidget) application 1.2 for Android has unknown impact and attack vectors.
CVE-2012-1396 2 Goforandroid, Google 2 Go Fbwidget, Android 2025-04-11 N/A
Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors.
CVE-2008-7294 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
CVE-2012-5150 2 Google, Opensuse 2 Chrome, Opensuse 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.