Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-12-16 CVE-2016-8821 Improper Access Control vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges.
local
low complexity
nvidia CWE-284
7.8
2016-12-16 CVE-2016-8820 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potentially allowing an uninitialized value to be used as the source of a strcpy() call, leading to denial of service or information disclosure.
local
low complexity
nvidia CWE-20
6.1
2016-12-16 CVE-2016-8819 Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges.
local
low complexity
nvidia CWE-775
7.8
2016-12-16 CVE-2016-8818 Improper Input Validation vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-20
7.8
2016-12-16 CVE-2016-8817 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-119
7.8
2016-12-16 CVE-2016-8816 Improper Validation of Array Index vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-129
7.8
2016-12-16 CVE-2016-8815 Improper Validation of Array Index vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-129
7.8
2016-12-16 CVE-2016-8814 NULL Pointer Dereference vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-476
7.8
2016-12-16 CVE-2016-8813 NULL Pointer Dereference vulnerability in Nvidia GPU Driver
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, leading to denial of service or potential escalation of privileges.
local
low complexity
nvidia CWE-476
7.8
2016-12-16 CVE-2016-9967 7PK - Errors vulnerability in Samsung Mobile
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges.
network
low complexity
samsung CWE-388
critical
9.8