CWE-822
Untrusted Pointer Dereference
Description
The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-129
CVEs mapped to this weakness (35)
Page 1 of 2

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-14811 | | Cri | 0.64 | 9.8 | 0.04 | | Sep 26, 2018 | Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution. |
| CVE-2018-7497 | | Cri | 0.64 | 9.8 | 0.03 | | May 15, 2018 | In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several untrusted pointer dereference vulnerabilities… |
| CVE-2025-4993 | | Cri | 0.59 | 9.1 | 0.00 | | Sep 23, 2025 | Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 before 6.0.1.43, from 5.3.0… |
| CVE-2026-33120 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 14, 2026 | Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. |
| CVE-2026-40367 | | Hig | 0.55 | 8.4 | 0.00 | | May 12, 2026 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-20738 | | Hig | 0.55 | — | 0.00 | | May 12, 2026 | Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may… |
| CVE-2026-33114 | | Hig | 0.55 | 8.4 | 0.00 | | Apr 14, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2024-36352 | | Hig | 0.55 | 8.4 | 0.00 | | Sep 6, 2025 | Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service. |
| CVE-2025-20018 | — | Hig | 0.55 | 8.4 | 0.00 | | May 13, 2025 | Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-34023 | | Hig | 0.55 | 8.4 | 0.00 | | Nov 13, 2024 | Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-40872 | | Hig | 0.55 | 8.4 | 0.00 | | Jul 25, 2024 | There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the… |
| CVE-2023-42772 | — | Hig | 0.53 | 8.2 | 0.00 | | Sep 16, 2024 | Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2026-45645 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-45643 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-45471 | | Hig | 0.51 | 7.8 | 0.00 | | Jun 9, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-40369 | | Hig | 0.51 | 7.8 | 0.05 | | May 12, 2026 | Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47408 | | Hig | 0.51 | 7.8 | 0.00 | | May 4, 2026 | Memory corruption when another driver calls an IOCTL with invalid input/output buffer. |
| CVE-2025-47405 | | Hig | 0.51 | 7.8 | 0.00 | | May 4, 2026 | Memory corruption when processing camera sensor input/output control codes with invalid output buffers. |
| CVE-2026-32222 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32077 | | Hig | 0.51 | 7.8 | 0.00 | | Apr 14, 2026 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. |