Vulnerabilidades en Google Inc.

960 resultados
Análisis Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-13296A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8EPSS 0.3%CVE-2017-13298A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 0.3%CVE-2017-13297A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 0.3%CVE-2016-6715An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x beforEPSS 0.3%CVE-2017-13271A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006EPSS 0.3%CVE-2016-8396An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of itEPSS 0.3%CVE-2017-0670A denial of service vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. AndroidEPSS 0.3%CVE-2016-6719An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x EPSS 0.3%CVE-2016-6716An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to cEPSS 0.3%CVE-2016-6763A denial of service vulnerability in Telephony could enable a local malicious application to use a specially crafted file to cause a device EPSS 0.3%CVE-2017-0728A denial of service vulnerability in the Android media framework (hevc decoder). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, EPSS 0.3%CVE-2017-0395An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This EPSS 0.3%CVE-2017-0774A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0EPSS 0.3%CVE-2017-0780A denial of service vulnerability in the Android runtime (android messenger). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0EPSS 0.3%CVE-2017-0771A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-376EPSS 0.3%CVE-2017-0772A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. AEPSS 0.3%CVE-2017-0775A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0EPSS 0.3%CVE-2017-0773A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1EPSS 0.3%CVE-2017-0736A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. AndroiEPSS 0.3%CVE-2017-13286In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could leEPSS 0.3%