CWE-114
DiscouragedProcess Control
Abstraction: Class · Status: Incomplete
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
37 vulnerabilities reference this CWE, most recent first.
CVE-2019-8453 (GCVE-0-2019-8453)
Vulnerability from cvelistv5 – Published: 2019-04-17 14:06 – Updated: 2024-08-04 21:17| URL | Tags |
|---|---|
| https://www.zonealarm.com/software/release-histor… | x_refsource_MISC |
| http://www.securityfocus.com/bid/108029 | vdb-entryx_refsource_BID |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Check Point ZoneAlarm |
Affected:
up to 15.4.062
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:17:31.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
},
{
"name": "108029",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Check Point ZoneAlarm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to 15.4.062"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-114",
"description": "CWE-114",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-23T15:06:11.000Z",
"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"shortName": "checkpoint"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
},
{
"name": "108029",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108029"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"ID": "CVE-2019-8453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Check Point ZoneAlarm",
"version": {
"version_data": [
{
"version_value": "up to 15.4.062"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-114"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960",
"refsource": "MISC",
"url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
},
{
"name": "108029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108029"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45",
"assignerShortName": "checkpoint",
"cveId": "CVE-2019-8453",
"datePublished": "2019-04-17T14:06:40.000Z",
"dateReserved": "2019-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:17:31.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-3JPM-WF77-VWQX
Vulnerability from github – Published: 2026-03-18 18:31 – Updated: 2026-03-18 18:31Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.
{
"affected": [],
"aliases": [
"CVE-2026-26945"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-18T18:16:26Z",
"severity": "MODERATE"
},
"details": "Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.",
"id": "GHSA-3jpm-wf77-vwqx",
"modified": "2026-03-18T18:31:18Z",
"published": "2026-03-18T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26945"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-52JJ-6W68-3M25
Vulnerability from github – Published: 2024-08-27 12:30 – Updated: 2025-05-17 00:30In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.
Required Configuration: Only environments with Linux as the underlying operating system is affected by this issue
{
"affected": [],
"aliases": [
"CVE-2024-8207"
],
"database_specific": {
"cwe_ids": [
"CWE-114",
"CWE-610"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-27T12:15:04Z",
"severity": "MODERATE"
},
"details": "In certain highly specific configurations of the host system and MongoDB server binary installation on Linux Operating Systems, it may be possible for a unintended actor with host-level access to cause the MongoDB Server binary to load unintended actor-controlled shared libraries when the server binary is started, potentially resulting in the unintended actor gaining full control over the MongoDB server process. This issue affects MongoDB Server v5.0 versions prior to 5.0.14 and MongoDB Server v6.0 versions prior to 6.0.3.\n\nRequired Configuration: Only environments with Linux as the underlying operating system is affected by this issue",
"id": "GHSA-52jj-6w68-3m25",
"modified": "2025-05-17T00:30:25Z",
"published": "2024-08-27T12:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8207"
},
{
"type": "WEB",
"url": "https://jira.mongodb.org/browse/SERVER-69507"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20250516-0009"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-67G9-M5C8-562G
Vulnerability from github – Published: 2025-03-18 18:30 – Updated: 2025-03-18 18:30IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.
{
"affected": [],
"aliases": [
"CVE-2024-56347"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-18T17:15:44Z",
"severity": "CRITICAL"
},
"details": "IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.",
"id": "GHSA-67g9-m5c8-562g",
"modified": "2025-03-18T18:30:49Z",
"published": "2025-03-18T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56347"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7186621"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-68FX-M736-WFWF
Vulnerability from github – Published: 2025-03-18 18:30 – Updated: 2025-03-18 18:30IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.
{
"affected": [],
"aliases": [
"CVE-2024-56346"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-18T17:15:44Z",
"severity": "CRITICAL"
},
"details": "IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.",
"id": "GHSA-68fx-m736-wfwf",
"modified": "2025-03-18T18:30:49Z",
"published": "2025-03-18T18:30:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56346"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7186621"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-69VM-8RMF-JW2P
Vulnerability from github – Published: 2025-02-28 21:32 – Updated: 2025-02-28 21:32IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.
{
"affected": [],
"aliases": [
"CVE-2025-0160"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-28T19:15:36Z",
"severity": "HIGH"
},
"details": "IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker with access to the system to execute arbitrary Java code due to improper restrictions in the RPCAdapter service.",
"id": "GHSA-69vm-8rmf-jw2p",
"modified": "2025-02-28T21:32:20Z",
"published": "2025-02-28T21:32:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0160"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7184182"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-892W-Q9HR-HM9C
Vulnerability from github – Published: 2023-10-05 00:30 – Updated: 2024-04-04 08:18Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.
{
"affected": [],
"aliases": [
"CVE-2023-40299"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-04T22:15:09Z",
"severity": "HIGH"
},
"details": "Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.",
"id": "GHSA-892w-q9hr-hm9c",
"modified": "2024-04-04T08:18:50Z",
"published": "2023-10-05T00:30:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40299"
},
{
"type": "WEB",
"url": "https://github.com/Kong/insomnia/pull/6217/commits"
},
{
"type": "WEB",
"url": "https://github.com/Kong/insomnia/releases"
},
{
"type": "WEB",
"url": "https://insomnia.rest/changelog"
},
{
"type": "WEB",
"url": "https://www.angelystor.com/posts/cve-2023-40299"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F243-FG24-GG3M
Vulnerability from github – Published: 2025-11-13 21:31 – Updated: 2025-11-13 21:31Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.
{
"affected": [],
"aliases": [
"CVE-2025-46370"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T20:15:50Z",
"severity": "LOW"
},
"details": "Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure.",
"id": "GHSA-f243-fg24-gg3m",
"modified": "2025-11-13T21:31:19Z",
"published": "2025-11-13T21:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46370"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000379467/dsa-2025-392"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GF4W-G7VV-VR2W
Vulnerability from github – Published: 2025-11-14 00:30 – Updated: 2025-11-20 00:31IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
{
"affected": [],
"aliases": [
"CVE-2025-36250"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T22:15:50Z",
"severity": "CRITICAL"
},
"details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. \u00a0This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.",
"id": "GHSA-gf4w-g7vv-vr2w",
"modified": "2025-11-20T00:31:21Z",
"published": "2025-11-14T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36250"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7251173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HFX3-278H-QHXQ
Vulnerability from github – Published: 2025-11-14 00:30 – Updated: 2025-11-14 00:30IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.
{
"affected": [],
"aliases": [
"CVE-2025-36251"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T22:15:51Z",
"severity": "CRITICAL"
},
"details": "IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.",
"id": "GHSA-hfx3-278h-qhxq",
"modified": "2025-11-14T00:30:27Z",
"published": "2025-11-14T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-36251"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7251173"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it.
CAPEC-108: Command Line Execution through SQL Injection
An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
CAPEC-640: Inclusion of Code in Existing Process
The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process's memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, reflective code loading, and more.