Vulnerabilidades em Google Inc.

960 resultados
Análise Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2018-9544In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information diEPSS 0.2%CVE-2017-0498A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. ThisEPSS 0.2%CVE-2018-9457In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass.EPSS 0.2%CVE-2018-9560In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalatiEPSS 0.2%CVE-2017-0870An elevation of privilege vulnerability in the Android framework (libminikin). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.EPSS 0.2%CVE-2017-13171An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-643165EPSS 0.2%CVE-2017-0388An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external sEPSS 0.2%CVE-2017-13170An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. REPSS 0.2%CVE-2017-0871An elevation of privilege vulnerability in the Android framework (framework base). Product: Android. Versions: 8.0. Android ID A-65281159.EPSS 0.2%CVE-2017-0837An elevation of privilege vulnerability in the Android media framework (libaudiopolicymanager). Product: Android. Versions: 5.1.1, 6.0, 6.0.EPSS 0.2%CVE-2017-13153An elevation of privilege vulnerability in the Android media framework (libaudioservice). Product: Android. Versions: 8.0. Android ID A-6528EPSS 0.2%CVE-2017-13173An elevation of privilege vulnerability in the MediaTek system server. Product: Android. Versions: Android kernel. Android ID A-28067350. ReEPSS 0.2%CVE-2017-13247In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation ofEPSS 0.2%CVE-2017-0843An elevation of privilege vulnerability in the MediaTek ccci. Product: Android. Versions: Android kernel. Android ID: A-62670819. ReferencesEPSS 0.2%CVE-2017-13275In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local infoEPSS 0.2%CVE-2017-13238In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. ThiEPSS 0.2%CVE-2017-0863An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950EPSS 0.2%CVE-2017-13163An elevation of privilege vulnerability in the kernel mtp usb driver. Product: Android. Versions: Android kernel. Android ID A-37429972.EPSS 0.2%CVE-2017-13244A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986.EPSS 0.2%CVE-2017-13245A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347.EPSS 0.2%