CWE-822: Untrusted Pointer Dereference
194 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-822 (page 1 of 4)
- CVE-2017-16728 | HIGH | CVSS 7.5 | EG 7.5 | 2018-01-05
An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program…
- CVE-2018-12548 | CRITICAL | CVSS 9.8 | EG 9.8 | 2019-01-31
In OpenJDK + Eclipse OpenJ9 version 0.11.0 builds, the public jdk.crypto.jniprovider.NativeCrypto class contains public static natives which accept pointer values that are dereferenced in the native code.
- CVE-2018-14811 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-09-26
In Fuji Electric V-Server 4.0.3.0 and prior, multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.
- CVE-2018-17893 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-10-17
LAquis SCADA Versions 4.1.0.3870 and prior have an untrusted pointer dereference vulnerability, which may allow remote code execution.
- CVE-2018-19029 | HIGH | CVSS 7.8 | EG 7.8 | 2019-02-05
LCDS Laquis SCADA prior to version 4.1.0.4150 allows an attacker using a specially crafted project file to supply a pointer for a controlled memory address, which may allow remote code execution, data exfiltration, or cause a system crash.
- CVE-2018-7497 | CRITICAL | CVSS 9.8 | EG 9.8 | 2018-05-15
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrust…
- CVE-2018-7502 | HIGH | CVSS 7.8 | EG 7.8 | 2018-03-23
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerabil…
- CVE-2018-7525 | MEDIUM | CVSS 5.3 | EG 5.3 | 2018-03-21
In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability.
- CVE-2019-13334 | HIGH | CVSS 7.8 | EG 7.8 | 2020-02-08
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op…
- CVE-2020-14392 | MEDIUM | CVSS 5.5 | EG 5.5 | 2020-09-16
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
- CVE-2020-17392 | HIGH | CVSS 8.8 | EG 8.8 | 2020-08-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit…
- CVE-2020-1899 | HIGH | CVSS 7.5 | EG 7.5 | 2021-03-11
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affec…
- CVE-2020-26991 | HIGH | CVSS 8.8 | EG 8.8 | 2021-01-12
A vulnerability has been identified in JT2Go (All versions < V13.1.0.2), Teamcenter Visualization (All versions < V13.1.0.2). Affected applications lack proper validation of user-supplied data when parsing ASM files. This could lead to poi…
- CVE-2020-26997 | HIGH | CVSS 7.8 | EG 7.8 | 2021-04-22
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplie…
- CVE-2020-27003 | HIGH | CVSS 7.8 | EG 7.8 | 2021-02-09
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing TIFF files. This could lead to po…
- CVE-2020-27259 | HIGH | CVSS 8.8 | EG 8.8 | 2021-02-09
The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code.
- CVE-2020-27277 | HIGH | CVSS 7.8 | EG 7.8 | 2021-01-11
Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
- CVE-2020-27288 | HIGH | CVSS 7.8 | EG 7.8 | 2021-01-26
An untrusted pointer dereference has been identified in the way TPEditor (v1.98 and prior) processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
- CVE-2020-27289 | HIGH | CVSS 7.8 | EG 7.8 | 2021-01-11
Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null pointer dereference issue while processing project files, which may allow an attacker to execute arbitrary code.
- CVE-2021-20239 | LOW | CVSS 3.3 | EG 3.3 | 2021-05-28
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to con…
- CVE-2021-22649 | HIGH | CVSS 7.8 | EG 7.8 | 2021-02-23
Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 have multiple NULL pointer dereference issues while proce…
- CVE-2021-26410 | LOW | CVSS 1.8 | EG 0.0 | 2026-02-10
Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential infor…
- CVE-2021-27496 | HIGH | CVSS 7.8 | EG 7.8 | 2021-05-27
Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions v10.1 and prior lack proper validation of user-supplied data when parsing PRT files. This could lead to pointer der…
- CVE-2021-31481 | HIGH | CVSS 7.8 | EG 7.8 | 2021-06-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2021-31500 | HIGH | CVSS 7.8 | EG 7.8 | 2021-06-15
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page …
- CVE-2021-31504 | HIGH | CVSS 7.8 | EG 7.8 | 2021-08-03
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target m…
- CVE-2021-38401 | HIGH | CVSS 7.8 | EG 7.8 | 2021-12-20
Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.
- CVE-2022-2002 | HIGH | CVSS 7.8 | EG 7.8 | 2022-12-07
GE CIMPICITY versions 2022 and prior are vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
- CVE-2022-20796 | MEDIUM | CVSS 6.5 | EG 5.5 | 2022-05-04
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could…
- CVE-2022-22514 | HIGH | CVSS 7.1 | EG 7.1 | 2022-04-07
An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read…
- CVE-2022-26942 | HIGH | CVSS 8.2 | EG 8.2 | 2023-10-19
The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functional…
- CVE-2022-2894 | HIGH | CVSS 7.8 | EG 7.8 | 2022-08-31
Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer dereference instances while processing a specific project file.
- CVE-2022-34890 | HIGH | CVSS 8.8 | EG 8.8 | 2022-07-18
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system …
- CVE-2022-40533 | MEDIUM | CVSS 6.2 | EG 6.2 | 2023-06-06
Transient DOS due to untrusted Pointer Dereference in core while sending USB QMI request.
- CVE-2022-42396 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
- CVE-2022-42418 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-26
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic…
- CVE-2023-0184 | HIGH | CVSS 8.8 | EG 8.8 | 2023-04-22
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
- CVE-2023-0189 | HIGH | CVSS 8.8 | EG 7.8 | 2023-04-01
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
- CVE-2023-1437 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-08-02
All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain acc…
- CVE-2023-21643 | CRITICAL | CVSS 9.1 | EG 9.1 | 2023-08-08
Memory corruption due to untrusted pointer dereference in automotive during system call.
- CVE-2023-21677 | HIGH | CVSS 7.5 | EG 7.5 | 2023-01-10
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability
- CVE-2023-21768 | HIGH | CVSS 7.8 | EG 7.8 | 2023-01-10
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2023-23394 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-03-14
Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability
- CVE-2023-25515 | HIGH | CVSS 7.8 | EG 7.1 | 2023-06-23
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure…
- CVE-2023-27342 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
PDF-XChange Editor EMF File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction i…
- CVE-2023-29360 | HIGH | CVSS 8.4 | EG 9.0 | ⚠ KEV | 2023-06-14
Microsoft Streaming Service Elevation of Privilege Vulnerability
- CVE-2023-31023 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-11-02
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.
- CVE-2023-32040 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-07-11
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
- CVE-2023-32277 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-02-12
Untrusted Pointer Dereference in I/O subsystem for some Intel(R) QAT software before version 2.0.5 may allow authenticated user to potentially enable information disclosure via local operating system access.
- CVE-2023-34300 | HIGH | CVSS 7.8 | EG 7.8 | 2024-05-03
Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interactio…