Vulnerabilities in Google Inc.

960 results
Vexday analysis

With 960 catalogued CVEs and no entries in CISA's KEV catalog, Google Inc.'s active-exploitation profile is below the overall catalog average, which suggests lower immediate pressure from ongoing attacks. Despite the absence of critical severities and of new vulnerabilities in the last 90 days, 16 CVEs have a publicly available proof of concept, which represents a concrete risk vector for teams that have not yet applied the corresponding fixes. The most recurrent weakness is CWE-269 (improper privilege management), a pattern that typically favors privilege escalation and lateral movement in compromised environments. The most dangerous CVE currently tracked is CVE-2017-0561, with an EPSS of 0.30, indicating a non-negligible probability of exploitation and justifying priority attention even though it is an older vulnerability.

CVE-2017-0615 | An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code wi | EPSS 0.5%
CVE-2017-0617 | An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code wi | EPSS 0.5%
CVE-2017-13274 | In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect secu | EPSS 0.5%
CVE-2017-0559 | An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission level | EPSS 0.5%
CVE-2017-13279 | In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could l | EPSS 0.5%
CVE-2017-0555 | An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its pe | EPSS 0.5%
CVE-2017-0619 | An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrar | EPSS 0.5%
CVE-2018-9444 | In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary | EPSS 0.5%
CVE-2017-0497 | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | EPSS 0.5%
CVE-2016-6767 | A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. | EPSS 0.5%
CVE-2018-9552 | In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information | EPSS 0.5%
CVE-2016-6765 | A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a devic | EPSS 0.5%
CVE-2014-9910 | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code wi | EPSS 0.5%
CVE-2017-13240 | A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819. | EPSS 0.5%
CVE-2017-13242 | A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8. | EPSS 0.5%
CVE-2017-13246 | A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469. | EPSS 0.5%
CVE-2017-13241 | A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, | EPSS 0.5%
CVE-2017-0556 | An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its | EPSS 0.5%
CVE-2016-10276 | An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code with | EPSS 0.5%
CVE-2014-9909 | An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code wi | EPSS 0.5%