Vulnerabilidades en Google Inc.

960 resultados
Análisis Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2018-9548In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to locEPSS 0.2%CVE-2016-6769An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This EPSS 0.2%CVE-2016-6708An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompEPSS 0.2%CVE-2017-13212An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 0.2%CVE-2017-13213An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. REPSS 0.2%CVE-2017-0744An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34EPSS 0.1%CVE-2017-0751An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. RefeEPSS 0.1%CVE-2017-13154An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0,EPSS 0.1%CVE-2017-0838An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. AndrEPSS 0.1%CVE-2017-13183In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user freEPSS 0.1%CVE-2018-9567On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This maEPSS 0.1%CVE-2015-9016In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been pEPSS 0.1%CVE-2017-0865An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. RefeEPSS 0.1%CVE-2017-13172An elevation of privilege vulnerability in the MediaTek bluetooth driver. Product: Android. Versions: Android kernel. Android ID A-36493287.EPSS 0.1%CVE-2017-13226An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References:EPSS 0.1%CVE-2017-13161An elevation of privilege vulnerability in the Broadcom wireless driver. Product: Android. Versions: Android kernel. Android ID A-63930471. EPSS 0.1%CVE-2017-0864An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-372771EPSS 0.1%CVE-2017-13165MEDIUMAn elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.EPSS 0.1%CVE-2017-0860An elevation of privilege vulnerability in the Android system (inputdispatcher). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, EPSS 0.1%CVE-2018-9519In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of pEPSS 0.1%