Vulnerabilities (CVE)

Filtered by CWE-476
Total 2549 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8241 2 Redhat, Tigervnc 5 Enterprise Linux Desktop, Enterprise Linux Hpc Node, Enterprise Linux Server and 2 more 2016-12-20 7.5 HIGH 9.8 CRITICAL
XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
CVE-2016-9888 1 Gnome 1 Libgsf 2016-12-15 4.3 MEDIUM 5.5 MEDIUM
An error within the "tar_directory_for_file()" function (gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
CVE-2016-6692 1 Google 1 Android 2016-12-06 7.5 HIGH 9.8 CRITICAL
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.
CVE-2016-9018 1 Realnetworks 1 Realplayer 2016-11-29 4.3 MEDIUM 5.5 MEDIUM
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
CVE-2016-9296 1 7-zip 1 P7zip 2016-11-29 5.0 MEDIUM 7.5 HIGH
A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.
CVE-2016-7160 1 Samsung 1 Samsung Mobile 2016-11-28 7.8 HIGH 7.5 HIGH
A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.
CVE-2016-7118 1 Debian 1 Debian Linux 2016-11-28 4.9 MEDIUM 5.5 MEDIUM
fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
CVE-2016-5354 1 Wireshark 1 Wireshark 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-3821 1 Google 1 Android 2016-11-28 7.5 HIGH 9.8 CRITICAL
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory corruption) via a crafted media file, aka internal bug 28166152.