Vulnerabilidades en Google Inc.

960 resultados

Análisis Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2016-6781—An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within tEPSS 1.4%CVE-2017-0587—A remote code execution vulnerability in libmpeg2 in Mediaserver could enable an attacker using a specially crafted file to cause memory corEPSS 1.3%CVE-2017-0589—A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corrEPSS 1.3%CVE-2017-0590—A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corrEPSS 1.3%CVE-2017-0588—A remote code execution vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable an attacker using a specially crafted filEPSS 1.3%CVE-2017-0591—A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruEPSS 1.3%CVE-2017-0592—A remote code execution vulnerability in FLACExtractor.cpp in libstagefright in Mediaserver could enable an attacker using a specially craftEPSS 1.3%CVE-2017-0841—A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.EPSS 1.3%CVE-2017-13259—In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to reEPSS 1.3%CVE-2017-0809—A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0,EPSS 1.3%CVE-2017-0760—A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7EPSS 1.3%CVE-2017-0758—A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7EPSS 1.3%CVE-2017-0761—A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.EPSS 1.3%CVE-2017-0764—A remote code execution vulnerability in the Android media framework (libvorbis). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.EPSS 1.3%CVE-2016-8452—An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code wiEPSS 1.3%CVE-2016-8450—An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code wiEPSS 1.3%CVE-2017-0834—A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 1.3%CVE-2017-0835—A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 1.3%CVE-2017-0833—A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.EPSS 1.3%CVE-2016-8468—An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context ofEPSS 1.3%

← anteriorpágina 12 / 48siguiente →