Vulnerabilidades em Google Inc.

960 resultados

Análise Vexday

Com 960 CVEs catalogadas e nenhuma entrada no catálogo KEV da CISA, o perfil de exploração ativa do Google Inc. está abaixo da média geral do catálogo, o que sugere menor pressão imediata de ataques em curso. Apesar da ausência de severidades críticas e de novas vulnerabilidades nos últimos 90 dias, há 16 CVEs com prova de conceito pública disponível, o que representa um vetor de risco concreto para equipes que ainda não aplicaram as correções correspondentes. A falha mais recorrente é CWE-269 (gerenciamento inadequado de privilégios), padrão que tipicamente favorece escalonamento de privilégios e movimentação lateral em ambientes comprometidos. A CVE mais perigosa atualmente rastreada é CVE-2017-0561, com EPSS de 0,30, indicando probabilidade não negligenciável de exploração e justificando atenção prioritária mesmo tratando-se de uma vulnerabilidade mais antiga.

CVE-2017-0457—An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code EPSS 1.5%CVE-2017-0526—An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2017-0527—An elevation of privilege vulnerability in the HTC Sensor Hub Driver could enable a local malicious application to execute arbitrary code wiEPSS 1.5%CVE-2016-8394—An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary EPSS 1.5%CVE-2017-0630—An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of iEPSS 1.4%CVE-2018-9490—In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalEPSS 1.4%CVE-2016-8393—An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary EPSS 1.4%CVE-2017-0878—A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 8.0. Android ID A-65186291.EPSS 1.4%CVE-2017-0877—A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-66372937.EPSS 1.4%CVE-2017-0872—A remote code execution vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android EPSS 1.4%CVE-2017-0876—A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0. Android ID A-64964675.EPSS 1.4%CVE-2017-13151—A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, EPSS 1.4%CVE-2017-0622—An elevation of privilege vulnerability in the Goodix touchscreen driver could enable a local malicious application to execute arbitrary codEPSS 1.4%CVE-2017-0623—An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within thEPSS 1.4%CVE-2016-8453—An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code wiEPSS 1.4%CVE-2016-8444—An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within tEPSS 1.4%CVE-2018-9536—In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execEPSS 1.4%CVE-2017-0505—An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and EPSS 1.4%CVE-2016-10288—An elevation of privilege vulnerability in the Qualcomm LED driver could enable a local malicious application to execute arbitrary code withEPSS 1.4%CVE-2017-0468—A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption duriEPSS 1.4%

← anteriorpágina 10 / 48próxima →