Vulnerabilities in Google Inc.

960 results
Vexday analysis

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-13278In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of EPSS 0.5%CVE-2016-6773An information disclosure vulnerability in the ih264d decoder in Mediaserver could enable a local malicious application to access data outsiEPSS 0.5%CVE-2017-0639An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permEPSS 0.5%CVE-2018-9580A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.EPSS 0.5%CVE-2017-0646An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permEPSS 0.4%CVE-2017-13307A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924.EPSS 0.4%CVE-2017-0490An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as ModeEPSS 0.4%CVE-2017-0667A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. AnEPSS 0.4%CVE-2017-0664A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. AnEPSS 0.4%CVE-2017-0665A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.EPSS 0.4%CVE-2017-0831An elevation of privilege vulnerability in the Android framework (window manager). Product: Android. Versions: 8.0. Android ID: A-37442941.EPSS 0.4%CVE-2017-13239A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132.EPSS 0.4%CVE-2017-0857Another vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65122447.EPSS 0.4%CVE-2017-0600A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause EPSS 0.4%CVE-2017-0645An elevation of privilege vulnerability in Bluetooth could enable a local malicious application to access data outside of its permission levEPSS 0.4%CVE-2017-0786A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. RefEPSS 0.4%CVE-2017-13200An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.EPSS 0.4%CVE-2017-0666A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.EPSS 0.4%CVE-2017-0737A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0EPSS 0.4%CVE-2018-9363In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional executioEPSS 0.4%