Vulnerabilidades en Google Inc.

960 resultados
Análisis Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2016-8414An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious applicationEPSS 0.7%CVE-2016-8436An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code wiEPSS 0.7%CVE-2017-13204An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. AnEPSS 0.7%CVE-2016-6730An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to EPSS 0.7%CVE-2016-6731An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to EPSS 0.7%CVE-2016-6733An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to EPSS 0.7%CVE-2016-6732An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to EPSS 0.7%CVE-2017-0636An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitraryEPSS 0.7%CVE-2017-0649An elevation of privilege vulnerability in the MediaTek sound driver could enable a local malicious application to execute arbitrary code wiEPSS 0.7%CVE-2017-0643A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or rEPSS 0.7%CVE-2017-0640A remote denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or rEPSS 0.7%CVE-2017-13222An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576.EPSS 0.7%CVE-2017-0413An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections EPSS 0.7%CVE-2017-0420An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that EPSS 0.7%CVE-2016-10231An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-339669EPSS 0.7%CVE-2016-6737An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application EPSS 0.6%CVE-2016-6736An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to EPSS 0.6%CVE-2016-6739An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious applicatioEPSS 0.6%CVE-2017-0389A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a devicEPSS 0.6%CVE-2017-13234In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial EPSS 0.6%