Vulnerabilities in Google Inc.

960 results
Vexday Analysis

With 960 CVEs catalogued and no entries in the CISA KEV catalog, Google Inc.'s active-exploitation profile is below the overall catalog average, which suggests less immediate pressure from ongoing attacks. Despite the absence of critical severities and of new vulnerabilities in the last 90 days, there are 16 CVEs with a publicly available proof of concept, which represents a concrete risk vector for teams that have not yet applied the corresponding fixes. The most recurrent weakness is CWE-269 (improper privilege management), a pattern that typically favors privilege escalation and lateral movement in compromised environments. The most dangerous CVE currently tracked is CVE-2017-0561, with an EPSS of 0.30, indicating a non-negligible probability of exploitation and justifying priority attention even though it is an older vulnerability.

CVE-2017-0766 (EPSS 1.1%): A remote code execution vulnerability in the Android media framework (libjhead). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1
CVE-2017-0584 (EPSS 1.1%): An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of it
CVE-2017-0586 (EPSS 1.1%): An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of it
CVE-2017-0476 (EPSS 1.0%): A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption d
CVE-2017-0537 (EPSS 1.0%): An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of
CVE-2017-13277 (EPSS 1.0%): In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote co
CVE-2016-8406 (EPSS 1.0%): An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could
CVE-2016-8403 (EPSS 1.0%): An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could
CVE-2016-8402 (EPSS 1.0%): An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could
CVE-2016-8401 (EPSS 1.0%): An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could
CVE-2016-8407 (EPSS 1.0%): An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could
CVE-2016-8416 (EPSS 1.0%): An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of it
CVE-2016-8478 (EPSS 1.0%): An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of it
CVE-2016-10292 (EPSS 1.0%): A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi s
CVE-2017-0691 (EPSS 1.0%): A denial of service vulnerability in the Android media framework. Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36724453.
CVE-2017-0624 (EPSS 1.0%): An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of it
CVE-2017-0626 (EPSS 1.0%): An information disclosure vulnerability in the Qualcomm crypto engine driver could enable a local malicious application to access data outsi
CVE-2017-0814 (EPSS 1.0%): An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID
CVE-2017-0554 (EPSS 1.0%): An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside
CVE-2017-0433 (EPSS 1.0%): An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary