Vulnerabilities in Google Inc.

960 results
Vexday analysis

With 960 CVEs catalogued and no entries in CISA's KEV catalog, Google Inc.'s active-exploitation profile is below the overall catalog average, which suggests lower immediate pressure from ongoing attacks. Despite the absence of critical severities and of new vulnerabilities in the last 90 days, there are 16 CVEs with a public proof of concept available, which represents a concrete risk vector for teams that have not yet applied the corresponding fixes. The most recurrent weakness is CWE-269 (improper privilege management), a pattern that typically favors privilege escalation and lateral movement in compromised environments. The most dangerous CVE currently tracked is CVE-2017-0561, with an EPSS of 0.30, indicating a non-negligible probability of exploitation and justifying priority attention even though it is an older vulnerability.

CVE-2017-13221 (EPSS 0.2%): An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-647099

CVE-2017-6423 (EPSS 0.2%): An elevation of privilege vulnerability in the Qualcomm kyro L2 driver. Product: Android. Versions: Android kernel. Android ID: A-32831370.

CVE-2018-9525 (EPSS 0.2%): In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a p

CVE-2017-13174 (EPSS 0.2%): An elevation of privilege vulnerability in the kernel edl. Product: Android. Versions: Android kernel. Android ID A-63100473.

CVE-2017-13293 (EPSS 0.2%): In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to

CVE-2018-9522 (EPSS 0.2%): In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which

CVE-2017-13231 (EPSS 0.2%): In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no a

CVE-2018-9557 (EPSS 0.2%): In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local e

CVE-2017-13287 (EPSS 0.2%): In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could l

CVE-2018-9558 (EPSS 0.2%): In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to loc

CVE-2017-13290 (EPSS 0.2%): In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local inf

CVE-2018-9538 (EPSS 0.2%): In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function

CVE-2018-9547 (EPSS 0.2%): In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of

CVE-2018-9559 (EPSS 0.2%): In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to

CVE-2018-9545 (EPSS 0.2%): In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escala

CVE-2017-0842 (EPSS 0.2%): An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. A

CVE-2018-9554 (EPSS 0.2%): In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. This c

CVE-2017-13273 (EPSS 0.2%): In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional

CVE-2018-9513 (EPSS 0.2%): In copy_process of fork.c, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with n

CVE-2017-0862 (EPSS 0.2%): An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.