Vulnerabilidades em Google Inc.

960 resultados
Análise Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-0452An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of iEPSS 1.0%CVE-2017-0651An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of itsEPSS 1.0%CVE-2017-0462An elevation of privilege vulnerability in the Qualcomm Seemp driver could enable a local malicious application to execute arbitrary code wiEPSS 1.0%CVE-2017-0386An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within theEPSS 1.0%CVE-2018-9489When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi networEPSS 1.0%CVE-2017-0445An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code wEPSS 1.0%CVE-2017-0427An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code withiEPSS 1.0%CVE-2017-0750A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013EPSS 1.0%CVE-2016-6703A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, andEPSS 1.0%CVE-2016-8483An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of itEPSS 1.0%CVE-2017-13216In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local eleEPSS 0.9%CVE-2017-0477A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within theEPSS 0.9%CVE-2018-9452In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote deEPSS 0.9%CVE-2017-0382A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrEPSS 0.9%CVE-2017-0813A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android IDEPSS 0.9%CVE-2016-6701A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file toEPSS 0.9%CVE-2016-8400An information disclosure vulnerability in the NVIDIA librm library (libnvrm) could enable a local malicious application to access data outsEPSS 0.9%CVE-2016-10295An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its EPSS 0.9%CVE-2017-0671A remote code execution vulnerability in the Android libraries. Product: Android. Versions: 4.4.4. Android ID: A-34514762.EPSS 0.9%CVE-2017-0416An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the conteEPSS 0.9%