Vulnerabilidades en Google Inc.

960 resultados

Análisis Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-0418—An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the conteEPSS 0.9%CVE-2017-0417—An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the conteEPSS 0.9%CVE-2017-0415—An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the conteEPSS 0.9%CVE-2017-0419—An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the conteEPSS 0.9%CVE-2016-6704—An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-EPSS 0.9%CVE-2018-9526—In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interEPSS 0.9%CVE-2017-0429—An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code withinEPSS 0.9%CVE-2017-0428—An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code withinEPSS 0.9%CVE-2017-0638—A remote code execution vulnerability in System UI component could enable an attacker using a specially crafted file to execute arbitrary coEPSS 0.9%CVE-2017-0381—An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to accEPSS 0.9%CVE-2017-0749—A elevation of privilege vulnerability in the Upstream Linux linux kernel. Product: Android. Versions: Android kernel. Android ID: A-3600773EPSS 0.9%CVE-2018-9504—In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remotEPSS 0.9%CVE-2017-13225—In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as EPSS 0.9%CVE-2017-0393—A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device EPSS 0.9%CVE-2017-0531—An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of itEPSS 0.9%CVE-2017-0439—An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code wiEPSS 0.9%CVE-2017-0563—An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code wEPSS 0.9%CVE-2016-8411—Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 3180EPSS 0.9%CVE-2017-0430—An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code wiEPSS 0.9%CVE-2017-0450—An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the conteEPSS 0.9%

← anteriorpágina 19 / 48siguiente →