Filtered by vendor Google
Subscribe
Total
12830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7902 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | |||||
| CVE-2014-7922 | 1 Google | 1 Play Services Sdk | 2023-11-07 | 4.3 MEDIUM | N/A |
| The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument. | |||||
| CVE-2014-7934 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures. | |||||
| CVE-2014-7903 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. | |||||
| CVE-2014-7909 | 1 Google | 1 Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. | |||||
| CVE-2014-7921 | 1 Google | 1 Android | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||||
| CVE-2014-7933 | 2 Ffmpeg, Google | 2 Ffmpeg, Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska file that triggers improper maintenance of tracks data. | |||||
| CVE-2014-7905 | 1 Google | 1 Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. | |||||
| CVE-2014-7913 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2023-11-07 | 6.8 MEDIUM | N/A |
| The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message. | |||||
| CVE-2014-7911 | 1 Google | 1 Android | 2023-11-07 | 7.2 HIGH | N/A |
| luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | |||||
| CVE-2014-7907 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. | |||||
| CVE-2014-7899 | 1 Google | 1 Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | |||||
| CVE-2014-7917 | 1 Google | 1 Android | 2023-11-07 | 10.0 HIGH | N/A |
| Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. | |||||
| CVE-2014-7904 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-7927 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | |||||
| CVE-2014-7923 | 6 Canonical, Google, Icu-project and 3 more | 9 Ubuntu Linux, Chrome, International Components For Unicode and 6 more | 2023-11-07 | 7.5 HIGH | N/A |
| The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. | |||||
| CVE-2014-7924 | 1 Google | 1 Chrome | 2023-11-07 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc. | |||||
| CVE-2014-7925 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode data is improperly maintained. | |||||
| CVE-2014-7910 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2014-7929 | 1 Google | 1 Chrome | 2023-11-07 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents. | |||||