Common Weakness Enumeration

CWE-114

Discouraged

Process Control

Abstraction: Class · Status: Incomplete

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

37 vulnerabilities reference this CWE, most recent first.

GHSA-J26P-3QQC-P3HW

Vulnerability from github – Published: 2024-02-22 12:30 – Updated: 2024-02-22 12:30
VLAI
Details

IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-22T12:15:46Z",
    "severity": "HIGH"
  },
  "details": "IBM AIX 7.3, VIOS 4.1\u0027s Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands.  IBM X-Force ID:  281320.",
  "id": "GHSA-j26p-3qqc-p3hw",
  "modified": "2024-02-22T12:30:57Z",
  "published": "2024-02-22T12:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25021"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281320"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7122628"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M9GQ-W7JG-MRWV

Vulnerability from github – Published: 2025-01-28 18:31 – Updated: 2025-01-28 18:31
VLAI
Details

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-23385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-28T16:15:41Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible",
  "id": "GHSA-m9gq-w7jg-mrwv",
  "modified": "2025-01-28T18:31:28Z",
  "published": "2025-01-28T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23385"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QCVJ-MCP5-PJG8

Vulnerability from github – Published: 2025-04-22 15:30 – Updated: 2025-04-22 15:30
VLAI
Details

IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1950"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-22T15:16:10Z",
    "severity": "CRITICAL"
  },
  "details": "IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.",
  "id": "GHSA-qcvj-mcp5-pjg8",
  "modified": "2025-04-22T15:30:52Z",
  "published": "2025-04-22T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1950"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7231507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R5FV-VX8P-JVRQ

Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31
VLAI
Details

A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-44168"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114",
      "CWE-427"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-17T00:15:51Z",
    "severity": "MODERATE"
  },
  "details": "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.",
  "id": "GHSA-r5fv-vx8p-jvrq",
  "modified": "2025-11-04T18:31:23Z",
  "published": "2024-09-17T00:31:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44168"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121234"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121238"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/121247"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/33"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/40"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Sep/41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC8F-8M86-P4VM

Vulnerability from github – Published: 2022-11-18 00:30 – Updated: 2025-10-22 00:32
VLAI
Details

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-23748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114",
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-17T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.",
  "id": "GHSA-rc8f-8m86-p4vm",
  "modified": "2025-10-22T00:32:37Z",
  "published": "2022-11-18T00:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23748"
    },
    {
      "type": "WEB",
      "url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193"
    },
    {
      "type": "WEB",
      "url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C"
    },
    {
      "type": "WEB",
      "url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/,"
    },
    {
      "type": "WEB",
      "url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V7VW-FPCC-2X25

Vulnerability from github – Published: 2023-09-06 00:30 – Updated: 2024-04-04 07:29
VLAI
Details

GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-05T23:15:08Z",
    "severity": "HIGH"
  },
  "details": "\nGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\n\n",
  "id": "GHSA-v7vw-fpcc-2x25",
  "modified": "2024-04-04T07:29:50Z",
  "published": "2023-09-06T00:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4487"
    },
    {
      "type": "WEB",
      "url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W3M8-585X-V8V5

Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:51
VLAI
Details

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-8461"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-114",
      "CWE-426"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-29T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.",
  "id": "GHSA-w3m8-585x-v8v5",
  "modified": "2024-04-04T01:51:24Z",
  "published": "2022-05-24T16:55:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8461"
    },
    {
      "type": "WEB",
      "url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
    },
    {
      "type": "WEB",
      "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

Strategy: Libraries or Frameworks

Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it.

CAPEC-108: Command Line Execution through SQL Injection

An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

CAPEC-640: Inclusion of Code in Existing Process

The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process's memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, reflective code loading, and more.