Vulnerabilities (CVE)

Filtered by CWE-476
Total 2991 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4119 1 Freerdp 1 Freerdp 2024-02-28 5.0 MEDIUM 7.5 HIGH
FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished.
CVE-2016-2782 2 Linux, Suse 8 Linux Kernel, Linux Enterprise Debuginfo, Linux Enterprise Desktop and 5 more 2024-02-28 4.9 MEDIUM 4.6 MEDIUM
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
CVE-2015-4443 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-02-28 5.0 MEDIUM N/A
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4444.
CVE-2015-4444 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-02-28 5.0 MEDIUM N/A
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors, a different vulnerability than CVE-2015-4443.
CVE-2016-6317 1 Rubyonrails 1 Rails 2024-02-28 5.0 MEDIUM 7.5 HIGH
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660, CVE-2012-2694, and CVE-2013-0155.
CVE-2016-1803 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 6.8 MEDIUM 7.8 HIGH
CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-4696 1 Apple 1 Mac Os X 2024-02-28 9.3 HIGH 7.8 HIGH
AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2015-3194 4 Canonical, Debian, Nodejs and 1 more 4 Ubuntu Linux, Debian Linux, Node.js and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
CVE-2016-1814 1 Apple 3 Iphone Os, Mac Os X, Tvos 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-7130 1 Php 1 Php 2024-02-28 5.0 MEDIUM 7.5 HIGH
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid base64 binary value, as demonstrated by a wddx_deserialize call that mishandles a binary element in a wddxPacket XML document.
CVE-2016-4450 3 Canonical, Debian, F5 3 Ubuntu Linux, Debian Linux, Nginx 2024-02-28 5.0 MEDIUM 7.5 HIGH
os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a crafted request, involving writing a client request body to a temporary file.
CVE-2016-1865 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-5354 1 Wireshark 1 Wireshark 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2016-6292 1 Php 1 Php 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image.
CVE-2015-7515 1 Linux 1 Linux Kernel 2024-02-28 4.9 MEDIUM 4.6 MEDIUM
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
CVE-2016-1813 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2024-02-28 9.3 HIGH 7.8 HIGH
The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
CVE-2016-9117 1 Uclouvain 1 Openjpeg 2024-02-28 4.3 MEDIUM 6.5 MEDIUM
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
CVE-2016-7131 1 Php 1 Php 2024-02-28 5.0 MEDIUM 7.5 HIGH
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via a malformed wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a tag that lacks a < (less than) character.
CVE-2015-8926 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.
CVE-2016-6692 1 Google 1 Android 2024-02-28 7.5 HIGH 9.8 CRITICAL
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.