Vulnerabilities in Google Inc.

960 results

Vexday analysis

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-0468—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2017-0471—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2017-0466—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2017-0470—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2017-0473—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2017-0467—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2017-0469—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%CVE-2015-9014—An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-3639EPSS 1.4%CVE-2016-6778—An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code wEPSS 1.4%CVE-2016-6780—An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code wEPSS 1.4%CVE-2017-0722—A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6EPSS 1.4%CVE-2017-0714—A remote code execution vulnerability in the Android media framework (h263 decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6EPSS 1.4%CVE-2017-0719—A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.EPSS 1.4%CVE-2017-0720—A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7EPSS 1.4%CVE-2017-0678—A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36576151.EPSS 1.4%CVE-2017-0718—A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.EPSS 1.4%CVE-2017-0700—A remote code execution vulnerability in the Android system ui. Product: Android. Versions: 7.1.1, 7.1.2. Android ID: A-35639138.EPSS 1.4%CVE-2017-0745—A remote code execution vulnerability in the Android media framework (avc decoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.EPSS 1.4%CVE-2016-6782—An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within tEPSS 1.4%CVE-2016-6781—An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within tEPSS 1.4%

← previouspage 11 / 48next →