Vulnerabilidades em Google Inc.

960 resultados

Análise Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-0854—An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android IDEPSS 0.5%CVE-2017-0402—An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious aEPSS 0.5%CVE-2017-0560—An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previouEPSS 0.5%CVE-2016-6753—An information disclosure vulnerability in kernel components, including the process-grouping subsystem and the networking subsystem, in AndrEPSS 0.5%CVE-2017-0398—An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission lEPSS 0.5%CVE-2017-0397—An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to accessEPSS 0.5%CVE-2017-0401—An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enabEPSS 0.5%CVE-2017-0822—An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android IEPSS 0.5%CVE-2017-0603—A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a devicEPSS 0.5%CVE-2017-13189—A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: EPSS 0.5%CVE-2017-13186—A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1,EPSS 0.5%CVE-2017-13190—A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. VersEPSS 0.5%CVE-2017-13149—An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android IDEPSS 0.5%CVE-2017-13150—An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android IDEPSS 0.5%CVE-2017-0778—A information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-62EPSS 0.5%CVE-2016-6710—An information disclosure vulnerability in the download manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, anEPSS 0.5%CVE-2017-0399—An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enabEPSS 0.5%CVE-2017-0647—An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permissionEPSS 0.5%CVE-2017-0396—An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious appliEPSS 0.5%CVE-2017-0400—An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious aEPSS 0.5%

← anteriorpágina 33 / 48próxima →