Vulnerabilities (CVE)

Filtered by CWE-476
Total 1643 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-0349 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2017-05-25 7.2 HIGH 7.8 HIGH
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges.
CVE-2017-9051 1 Libav 1 Libav 2017-05-25 7.5 HIGH 9.8 CRITICAL
libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.
CVE-2017-8825 1 Libetpan Project 1 Libetpan 2017-05-18 5.0 MEDIUM 7.5 HIGH
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.
CVE-2017-0348 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2017-05-17 7.2 HIGH 7.8 HIGH
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a NULL pointer dereference may lead to denial of service or potential escalation of privileges.
CVE-2017-0341 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2017-05-17 7.2 HIGH 7.8 HIGH
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where user provided input can trigger an access to a pointer that has not been initialized which may lead to denial of service or potential escalation of privileges.
CVE-2017-5625 1 Oneplus 3 Oneplus 3, Oneplus 3t, Oxygenos 2017-05-05 2.1 LOW 4.6 MEDIUM
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition (except 'keystore') by issuing the 'fastboot oem dump <partition>' fastboot command.
CVE-2017-8106 1 Linux 1 Linux Kernel 2017-05-05 4.9 MEDIUM 5.5 MEDIUM
The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.
CVE-2016-6561 1 Illumos 1 Illumos 2017-05-02 7.8 HIGH 7.5 HIGH
illumos smbsrv NULL pointer dereference allows system crash.
CVE-2016-10210 1 Virustotal 1 Yara 2017-05-02 5.0 MEDIUM 7.5 HIGH
libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.
CVE-2016-2036 1 Samsung 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more 2017-04-25 2.1 LOW 5.5 MEDIUM
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.
CVE-2016-8723 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2017-04-20 7.8 HIGH 7.5 HIGH
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability.
CVE-2016-8726 1 Moxa 2 Awk-3131a, Awk-3131a Firmware 2017-04-20 7.8 HIGH 7.5 HIGH
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server.
CVE-2017-7380 1 Podofo Project 1 Podofo 2017-04-10 4.3 MEDIUM 5.5 MEDIUM
The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CVE-2017-7383 1 Podofo Project 1 Podofo 2017-04-10 4.3 MEDIUM 5.5 MEDIUM
The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CVE-2016-10218 1 Artifex 1 Ghostscript 2017-04-10 4.3 MEDIUM 5.5 MEDIUM
The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.
CVE-2017-7382 1 Podofo Project 1 Podofo 2017-04-10 4.3 MEDIUM 5.5 MEDIUM
The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CVE-2017-6441 1 Php 1 Php 2017-04-10 5.0 MEDIUM 7.5 HIGH
** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted use of "declare(ticks=" in a PHP script. NOTE: the vendor disputes the classification of this as a vulnerability, stating "Please do not request CVEs for ordinary bugs. CVEs are relevant for security issues only."
CVE-2017-7381 1 Podofo Project 1 Podofo 2017-04-06 4.3 MEDIUM 5.5 MEDIUM
The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.
CVE-2014-9814 1 Imagemagick 1 Imagemagick 2017-04-04 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted wpg file.
CVE-2014-9812 1 Imagemagick 1 Imagemagick 2017-04-04 4.3 MEDIUM 5.5 MEDIUM
ImageMagick allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted ps file.