Common Weakness Enumeration

CWE-114

Discouraged

Process Control

Abstraction: Class · Status: Incomplete

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

37 vulnerabilities reference this CWE, most recent first.

CVE-2019-8453 (GCVE-0-2019-8453)

Vulnerability from cvelistv5 – Published: 2019-04-17 14:06 – Updated: 2024-08-04 21:17
VLAI
Summary
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Check Point ZoneAlarm Affected: up to 15.4.062
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:31.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
          },
          {
            "name": "108029",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108029"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Check Point ZoneAlarm",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "up to 15.4.062"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-114",
              "description": "CWE-114",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T15:06:11.000Z",
        "orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
        "shortName": "checkpoint"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
        },
        {
          "name": "108029",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108029"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@checkpoint.com",
          "ID": "CVE-2019-8453",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Check Point ZoneAlarm",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "up to 15.4.062"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-114"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960",
              "refsource": "MISC",
              "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
            },
            {
              "name": "108029",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108029"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
    "assignerShortName": "checkpoint",
    "cveId": "CVE-2019-8453",
    "datePublished": "2019-04-17T14:06:40.000Z",
    "dateReserved": "2019-02-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T21:17:31.426Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-3JPM-WF77-VWQX

Vulnerability from github – Published: 2026-03-18 18:31 – Updated: 2026-03-18 18:31
VLAI
Details

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-26945"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-18T18:16:26Z",
    "severity": "MODERATE"
  },
  "details": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability.  A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.",
  "id": "GHSA-3jpm-wf77-vwqx",
  "modified": "2026-03-18T18:31:18Z",
  "published": "2026-03-18T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26945"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52JJ-6W68-3M25

Vulnerability from github – Published: 2024-08-27 12:30 – Updated: 2025-05-17 00:30
VLAI
Details

In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.

Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-8207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114",
      "CWE-610"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-27T12:15:04Z",
    "severity": "MODERATE"
  },
  "details": "In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue",
  "id": "GHSA-52jj-6w68-3m25",
  "modified": "2025-05-17T00:30:25Z",
  "published": "2024-08-27T12:30:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-69507"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250516-0009"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-67G9-M5C8-562G

Vulnerability from github – Published: 2025-03-18 18:30 – Updated: 2025-03-18 18:30
VLAI
Details

IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56347"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T17:15:44Z",
    "severity": "CRITICAL"
  },
  "details": "IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.",
  "id": "GHSA-67g9-m5c8-562g",
  "modified": "2025-03-18T18:30:49Z",
  "published": "2025-03-18T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56347"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7186621"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-68FX-M736-WFWF

Vulnerability from github – Published: 2025-03-18 18:30 – Updated: 2025-03-18 18:30
VLAI
Details

IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-56346"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-18T17:15:44Z",
    "severity": "CRITICAL"
  },
  "details": "IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.",
  "id": "GHSA-68fx-m736-wfwf",
  "modified": "2025-03-18T18:30:49Z",
  "published": "2025-03-18T18:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56346"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7186621"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-69VM-8RMF-JW2P

Vulnerability from github – Published: 2025-02-28 21:32 – Updated: 2025-02-28 21:32
VLAI
Details

IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-0160"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-28T19:15:36Z",
    "severity": "HIGH"
  },
  "details": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1)  could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.",
  "id": "GHSA-69vm-8rmf-jw2p",
  "modified": "2025-02-28T21:32:20Z",
  "published": "2025-02-28T21:32:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0160"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7184182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-892W-Q9HR-HM9C

Vulnerability from github – Published: 2023-10-05 00:30 – Updated: 2024-04-04 08:18
VLAI
Details

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-40299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-04T22:15:09Z",
    "severity": "HIGH"
  },
  "details": "Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.",
  "id": "GHSA-892w-q9hr-hm9c",
  "modified": "2024-04-04T08:18:50Z",
  "published": "2023-10-05T00:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40299"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Kong/insomnia/pull/6217/commits"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Kong/insomnia/releases"
    },
    {
      "type": "WEB",
      "url": "https://insomnia.rest/changelog"
    },
    {
      "type": "WEB",
      "url": "https://www.angelystor.com/posts/cve-2023-40299"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F243-FG24-GG3M

Vulnerability from github – Published: 2025-11-13 21:31 – Updated: 2025-11-13 21:31
VLAI
Details

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T20:15:50Z",
    "severity": "LOW"
  },
  "details": "Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.",
  "id": "GHSA-f243-fg24-gg3m",
  "modified": "2025-11-13T21:31:19Z",
  "published": "2025-11-13T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46370"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000379467/dsa-2025-392"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GF4W-G7VV-VR2W

Vulnerability from github – Published: 2025-11-14 00:30 – Updated: 2025-11-20 00:31
VLAI
Details

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36250"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T22:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. \u00a0This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.",
  "id": "GHSA-gf4w-g7vv-vr2w",
  "modified": "2025-11-20T00:31:21Z",
  "published": "2025-11-14T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36250"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7251173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HFX3-278H-QHXQ

Vulnerability from github – Published: 2025-11-14 00:30 – Updated: 2025-11-14 00:30
VLAI
Details

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-36251"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T22:15:51Z",
    "severity": "CRITICAL"
  },
  "details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.",
  "id": "GHSA-hfx3-278h-qhxq",
  "modified": "2025-11-14T00:30:27Z",
  "published": "2025-11-14T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36251"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7251173"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it.

CAPEC-108: Command Line Execution through SQL Injection

An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

CAPEC-640: Inclusion of Code in Existing Process

The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process's memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, reflective code loading, and more.