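CWE-114 Process Control vulnerability list (22)

A summary of 22 CVE vulnerabilities with the CWE-114 Process Control weakness, including AI analysis in Chinese.

CWE-114 is a process control vulnerability: the application executes commands or loads libraries from an untrusted source, so that malicious code runs under the attacker's control. Attackers typically tamper with the arguments of the commands the program executes, or modify the runtime environment, to induce the application to perform unintended operations. Developers should avoid building commands by directly concatenating user input, strictly validate input sources, use an allowlist to restrict which executables may run, and isolate untrusted environments, thereby cutting off the path by which a malicious process takes control.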

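MITRE CWE official description
CWE: CWE-114 Process Control

Executing commands or loading libraries from an untrusted source, or executing in an untrusted environment, can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

Process Control vulnerabilities take two forms:
An attacker can change the command that the program executes: the attacker explicitly controls what the command is.
An attacker can change the environment in which the command executes: the attacker implicitly controls what the command means.

Process Control vulnerabilities of the first type occur when data enters the application from an untrusted source and that data is used as part of a command string executed by the application. By executing the command, the application gives the attacker a privilege or capability that the attacker would not otherwise have.

Common consequences (1)
Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

Mitigations (1)
Architecture and Design: Libraries that are loaded should be well understood and come from a trusted source. The application can execute code contained in the native libraries, which often contain calls that are susceptible to other security problems, such as buffer overflows or command injection. All native libraries should be validated to determine if the application requires the use of the library. It is very difficult…

Code examples (2)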
The following code uses System.loadLibrary() to load code from a native library named library.dll, which is normally found in a standard system directory.
    ...
    System.loadLibrary("library.dll");
    ...
Bad · Java
The following code from a privileged application uses a registry entry to determine the directory in which it is installed and loads a library file based on a relative path from the specified directory.
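    ...
    RegQueryValueEx(hkey, "APPHOME", 0, 0, (BYTE*)home, &size);
    /* +1 leaves room for the terminating NUL */
    char* lib = (char*)malloc(strlen(home) + strlen(INITLIB) + 1);
    if (lib) {
        strcpy(lib, home);
        strcat(lib, INITLIB);
        /* Bad: the directory comes from the APPHOME registry value,
           so whoever can change that value chooses the library loaded */
        LoadLibrary(lib);
    }
    ...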
Bad · C
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-26945 | Dell Integrated Dell Remote Access Controller security vulnerability — Integrated Dell Remote Access Controller | 5.3 | Medium | 2026-03-18 |
| CVE-2026-29046 | TinyWeb security vulnerability — TinyWeb | 7.5 | - | 2026-03-06 |
| CVE-2025-36250 | IBM AIX and IBM VIOS security vulnerability — AIX | 10.0 | Critical | 2025-11-13 |
| CVE-2025-36251 | IBM AIX and IBM VIOS security vulnerability — AIX | 9.6 | Critical | 2025-11-13 |
| CVE-2025-46370 | Dell Alienware Command Center security vulnerability — Alienware Command Center 6.x (AWCC) | 3.3 | Low | 2025-11-13 |
| CVE-2025-1950 | IBM Power Hardware Management Console security vulnerability — Hardware Management Console - Power Systems | 9.3 | Critical | 2025-04-22 |
| CVE-2024-56347 | IBM AIX security vulnerability — AIX | 9.6 | Critical | 2025-03-18 |
| CVE-2024-56346 | IBM AIX security vulnerability — AIX | 10.0 | Critical | 2025-03-18 |
| CVE-2025-0160 | IBM FlashSystem security vulnerability — Storage Virtualize | 8.1 | High | 2025-02-28 |
| CVE-2025-23385 | Multiple JetBrains products security vulnerability — ReSharper | 7.8 | High | 2025-01-28 |
| CVE-2024-8207 | MongoDB Server security vulnerability — MongoDB Server | 6.4 | Medium | 2024-08-27 |
| CVE-2024-32004 | Microsoft Visual Studio security vulnerability — git | 8.2 | High | 2024-05-14 |
| CVE-2023-4487 | GE CIMPLICITY security vulnerability — CIMPLICITY | 7.8 | High | 2023-09-05 |
| CVE-2022-23748 | Zoom Rooms code issue vulnerability — Audinate Dante Application Library for Windows | 7.8 | - | 2022-11-17 |
| CVE-2020-8107 | Bitdefender Antivirus Plus security vulnerability — Antivirus Plus | 8.2 | High | 2022-02-18 |
| CVE-2020-6024 | Check Point Smartconsole security vulnerability — Check Point SmartConsole | 7.8 | - | 2021-01-20 |
| CVE-2020-6014 | Check Point Endpoint Security Client code issue vulnerability — Check Point Endpoint Security Client for Windows | 6.0 | - | 2020-10-30 |
| CVE-2020-11081 | Facebook osquery code issue vulnerability — osquery | 5.3 | Medium | 2020-07-10 |
| CVE-2020-11075 | Anchore Engine security vulnerability — anchore-engine | 7.7 | High | 2020-05-27 |
| CVE-2019-8461 | Check Point Endpoint Security Initial Client for Windows code issue vulnerability — Check Point Endpoint Security Initial Client for Windows | 7.8 | - | 2019-08-29 |
| CVE-2019-8458 | Check Point Endpoint Security Client input validation error vulnerability — Check Point Endpoint Security Client for Windows, Anti-Malware blade | 5.7 | - | 2019-06-20 |
| CVE-2019-8453 | Check Point ZoneAlarm code issue vulnerability — Check Point ZoneAlarm | 7.1 | - | 2019-04-17 |

CWE-114 (Process Control) is a common weakness category; this platform lists 22 CVE vulnerabilities associated with it.