Filtered by vendor Google
Subscriptions
Total
12112 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3100 | 1 Google | 1 Android | 2024-08-06 | N/A |
| Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name. | ||||
| CVE-2014-3159 | 1 Google | 2 Android, Chrome | 2024-08-06 | N/A |
| The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. | ||||
| CVE-2014-3152 | 2 Fedoraproject, Google | 3 Fedora, Chrome, V8 | 2024-08-06 | N/A |
| Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. | ||||
| CVE-2014-3164 | 1 Google | 1 Android | 2024-08-06 | N/A |
| cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | ||||
| CVE-2014-3157 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. | ||||
| CVE-2014-3165 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-08-06 | N/A |
| Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. | ||||
| CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-08-06 | N/A |
| The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2014-1939 | 2 Google, Lenovo | 2 Android, Shareit | 2024-08-06 | N/A |
| java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels. | ||||
| CVE-2014-1979 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-08-06 | N/A |
| The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail emoticon POP data in an e-mail message. | ||||
| CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-08-06 | N/A |
| The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | ||||
| CVE-2014-1909 | 2 Google, Opensuse | 3 Android Debug Bridge, Android Sdk Platform Tools, Opensuse | 2024-08-06 | N/A |
| Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow. | ||||
| CVE-2014-1970 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2024-08-06 | N/A |
| Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors. | ||||
| CVE-2014-1748 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. | ||||
| CVE-2014-1701 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events. | ||||
| CVE-2014-1745 | 2 Google, Redhat | 2 Chrome, Enterprise Linux | 2024-08-06 | 7.1 High |
| Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp. | ||||
| CVE-2014-1747 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)." | ||||
| CVE-2014-1735 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2024-08-06 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-1734 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2024-08-06 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2014-1726 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. | ||||
| CVE-2014-1749 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||