CWE-114
DiscouragedProcess Control
Abstraction: Class · Status: Incomplete
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
37 vulnerabilities reference this CWE, most recent first.
GHSA-J26P-3QQC-P3HW
Vulnerability from github – Published: 2024-02-22 12:30 – Updated: 2024-02-22 12:30IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.
{
"affected": [],
"aliases": [
"CVE-2024-25021"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-22T12:15:46Z",
"severity": "HIGH"
},
"details": "IBM AIX 7.3, VIOS 4.1\u0027s Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.",
"id": "GHSA-j26p-3qqc-p3hw",
"modified": "2024-02-22T12:30:57Z",
"published": "2024-02-22T12:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25021"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281320"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7122628"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M9GQ-W7JG-MRWV
Vulnerability from github – Published: 2025-01-28 18:31 – Updated: 2025-01-28 18:31In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible
{
"affected": [],
"aliases": [
"CVE-2025-23385"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-28T16:15:41Z",
"severity": "HIGH"
},
"details": "In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local Privilege Escalation via the ETW Host Service was possible",
"id": "GHSA-m9gq-w7jg-mrwv",
"modified": "2025-01-28T18:31:28Z",
"published": "2025-01-28T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23385"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QCVJ-MCP5-PJG8
Vulnerability from github – Published: 2025-04-22 15:30 – Updated: 2025-04-22 15:30IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
{
"affected": [],
"aliases": [
"CVE-2025-1950"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-22T15:16:10Z",
"severity": "CRITICAL"
},
"details": "IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.",
"id": "GHSA-qcvj-mcp5-pjg8",
"modified": "2025-04-22T15:30:52Z",
"published": "2025-04-22T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1950"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7231507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5FV-VX8P-JVRQ
Vulnerability from github – Published: 2024-09-17 00:31 – Updated: 2025-11-04 18:31A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.
{
"affected": [],
"aliases": [
"CVE-2024-44168"
],
"database_specific": {
"cwe_ids": [
"CWE-114",
"CWE-427"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-17T00:15:51Z",
"severity": "MODERATE"
},
"details": "A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of the file system.",
"id": "GHSA-r5fv-vx8p-jvrq",
"modified": "2025-11-04T18:31:23Z",
"published": "2024-09-17T00:31:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-44168"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121234"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121238"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/121247"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/40"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Sep/41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RC8F-8M86-P4VM
Vulnerability from github – Published: 2022-11-18 00:30 – Updated: 2025-10-22 00:32mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.
{
"affected": [],
"aliases": [
"CVE-2022-23748"
],
"database_specific": {
"cwe_ids": [
"CWE-114",
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-17T23:15:00Z",
"severity": "HIGH"
},
"details": "mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.",
"id": "GHSA-rc8f-8m86-p4vm",
"modified": "2025-10-22T00:32:37Z",
"published": "2022-11-18T00:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23748"
},
{
"type": "WEB",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193"
},
{
"type": "WEB",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/%2C"
},
{
"type": "WEB",
"url": "https://cpr-zero.checkpoint.com/vulns/cprid-2193/,"
},
{
"type": "WEB",
"url": "https://www.audinate.com/learning/faqs/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-23748"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V7VW-FPCC-2X25
Vulnerability from github – Published: 2023-09-06 00:30 – Updated: 2024-04-04 07:29GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.
{
"affected": [],
"aliases": [
"CVE-2023-4487"
],
"database_specific": {
"cwe_ids": [
"CWE-114"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-05T23:15:08Z",
"severity": "HIGH"
},
"details": "\nGE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.\n\n",
"id": "GHSA-v7vw-fpcc-2x25",
"modified": "2024-04-04T07:29:50Z",
"published": "2023-09-06T00:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4487"
},
{
"type": "WEB",
"url": "https://digitalsupport.ge.com/s/article/GE-Digital-CIMPLICITY-Privilege-Escalation-Vulnerability"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-243-02"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W3M8-585X-V8V5
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:51Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
{
"affected": [],
"aliases": [
"CVE-2019-8461"
],
"database_specific": {
"cwe_ids": [
"CWE-114",
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-29T21:15:00Z",
"severity": "HIGH"
},
"details": "Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.",
"id": "GHSA-w3m8-585x-v8v5",
"modified": "2024-04-04T01:51:24Z",
"published": "2022-05-24T16:55:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8461"
},
{
"type": "WEB",
"url": "https://safebreach.com/Post/Check-Point-Endpoint-Security-Initial-Client-for-Windows-Privilege-Escalation-to-SYSTEM"
},
{
"type": "WEB",
"url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk160812"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Strategy: Libraries or Frameworks
Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult to determine what these native libraries actually do, and the potential for malicious code is high. In addition, the potential for an inadvertent mistake in these native libraries is also high, as many are written in C or C++ and may be susceptible to buffer overflow or race condition problems. To help prevent buffer overflow attacks, validate all input to native calls for content and length. If the native library does not come from a trusted source, review the source code of the library. The library should be built from the reviewed source before using it.
CAPEC-108: Command Line Execution through SQL Injection
An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
CAPEC-640: Inclusion of Code in Existing Process
The adversary takes advantage of a bug in an application failing to verify the integrity of the running process to execute arbitrary code in the address space of a separate live process. The adversary could use running code in the context of another process to try to access process's memory, system/network resources, etc. The goal of this attack is to evade detection defenses and escalate privileges by masking the malicious code under an existing legitimate process. Examples of approaches include but not limited to: dynamic-link library (DLL) injection, portable executable injection, thread execution hijacking, ptrace system calls, VDSO hijacking, function hooking, reflective code loading, and more.