Vulnerabilities in Google Inc.

960 results

Vexday analysis

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2016-8417—An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code wEPSS 1.5%CVE-2017-0460—An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary coEPSS 1.5%CVE-2017-0810—A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 1.5%CVE-2017-0811—A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7EPSS 1.5%CVE-2017-0463—An elevation of privilege vulnerability in the Qualcomm networking driver could enable a local malicious application to execute arbitrary coEPSS 1.5%CVE-2016-8455—An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0607—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0606—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0611—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2016-10286—An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0608—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2016-10284—An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0609—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2016-10291—An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code EPSS 1.5%CVE-2017-0610—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2016-10287—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0621—An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code wEPSS 1.5%CVE-2017-0614—An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious applEPSS 1.5%CVE-2017-0612—An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious applEPSS 1.5%CVE-2017-13228—In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. ThiEPSS 1.5%

← previouspage 9 / 48next →