Common Weakness Enumeration

CWE-242

Allowed

Use of Inherently Dangerous Function

Abstraction: Base · Status: Draft

The product calls a function that can never be guaranteed to work safely.

19 vulnerabilities reference this CWE, most recent first.

GHSA-2VGX-XV4F-3VM9

Vulnerability from github – Published: 2024-12-06 21:30 – Updated: 2024-12-06 21:30
VLAI
Details

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52324"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T19:15:13Z",
    "severity": "CRITICAL"
  },
  "details": "Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands.",
  "id": "GHSA-2vgx-xv4f-3vm9",
  "modified": "2024-12-06T21:30:39Z",
  "published": "2024-12-06T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52324"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-78QC-93VM-F29V

Vulnerability from github – Published: 2025-05-09 00:30 – Updated: 2025-05-09 00:30
VLAI
Details

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1331"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-08T22:15:18Z",
    "severity": "HIGH"
  },
  "details": "IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1\u00a0could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the gets function.",
  "id": "GHSA-78qc-93vm-f29v",
  "modified": "2025-05-09T00:30:34Z",
  "published": "2025-05-09T00:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1331"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7232923"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7232924"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GPM-F37J-R77G

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-42543"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-05T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown.",
  "id": "GHSA-7gpm-f37j-r77g",
  "modified": "2022-05-24T19:19:49Z",
  "published": "2022-05-24T19:19:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42543"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-308-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-FPXX-JV2F-8CF9

Vulnerability from github – Published: 2023-09-07 15:30 – Updated: 2024-04-04 07:32
VLAI
Details

ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-40698"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-07T13:15:07Z",
    "severity": "HIGH"
  },
  "details": "ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (and earlier) are impacted by an Use of Inherently Dangerous Function vulnerability that can lead to a security feature bypass??. An authenticated attacker could leverage this vulnerability to access and manipulate arbitrary data on the environment. ",
  "id": "GHSA-fpxx-jv2f-8cf9",
  "modified": "2024-04-04T07:32:36Z",
  "published": "2023-09-07T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40698"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HXHJ-HP9M-QWC4

Vulnerability from github – Published: 2017-11-29 23:21 – Updated: 2023-01-23 17:38
VLAI
Summary
private_address_check vulnerable to bypass of Resolv.getaddresses method
Details

The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby's Resolv.getaddresses method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "private_address_check"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-0904"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:41:23Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "The private_address_check ruby gem before 0.4.0 is vulnerable to a bypass due to use of Ruby\u0027s `Resolv.getaddresses` method, which is OS-dependent and should not be relied upon for security measures, such as when used to blacklist private network addresses to prevent server-side request forgery.",
  "id": "GHSA-hxhj-hp9m-qwc4",
  "modified": "2023-01-23T17:38:44Z",
  "published": "2017-11-29T23:21:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0904"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jtdowney/private_address_check/issues/1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jtdowney/private_address_check/commit/58a0d7fe31de339c0117160567a5b33ad82b46af"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/287245"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/287835"
    },
    {
      "type": "WEB",
      "url": "https://edoverflow.com/2017/ruby-resolv-bug"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "private_address_check vulnerable to bypass of Resolv.getaddresses method"
}

GHSA-J666-4GR9-R4Q4

Vulnerability from github – Published: 2025-08-26 18:31 – Updated: 2025-08-26 18:31
VLAI
Details

IBM Cognos Command Center 10.2.4.1 and 10.2.5

could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1994"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-26T17:15:36Z",
    "severity": "HIGH"
  },
  "details": "IBM Cognos Command Center 10.2.4.1 and 10.2.5 \n\n\n\ncould allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.",
  "id": "GHSA-j666-4gr9-r4q4",
  "modified": "2025-08-26T18:31:15Z",
  "published": "2025-08-26T18:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1994"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7242159"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHJH-GHWX-6H7R

Vulnerability from github – Published: 2019-01-17 13:56 – Updated: 2024-09-24 20:48
VLAI
Summary
modulemd uses an unsafe function for processing externally provided data
Details

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "modulemd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-1002157"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-242"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:43:31Z",
    "nvd_published_at": "2019-01-10T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.",
  "id": "GHSA-jhjh-ghwx-6h7r",
  "modified": "2024-09-24T20:48:00Z",
  "published": "2019-01-17T13:56:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1002157"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/modulemd/PYSEC-2019-153.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xsuchy/modulemd"
    },
    {
      "type": "WEB",
      "url": "https://pagure.io/modulemd/issue/55"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "modulemd uses an unsafe function for processing externally provided data"
}

GHSA-JM5F-GPFQ-Q9H3

Vulnerability from github – Published: 2026-05-14 15:31 – Updated: 2026-07-06 15:30
VLAI
Details

Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6477"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120",
      "CWE-242"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-14T14:16:25Z",
    "severity": "HIGH"
  },
  "details": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response.  Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size.  Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory.  Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.",
  "id": "GHSA-jm5f-gpfq-q9h3",
  "modified": "2026-07-06T15:30:36Z",
  "published": "2026-05-14T15:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6477"
    },
    {
      "type": "WEB",
      "url": "https://www.postgresql.org/support/security/CVE-2026-6477"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6477.json"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477442"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2026-6477"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:35880"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34363"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34362"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:34043"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33497"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:33441"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:32994"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:32983"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29953"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29904"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29815"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:29212"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:28037"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27743"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27742"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27741"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27738"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:27718"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26561"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26525"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26524"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26204"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26203"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:26181"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:22878"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:21182"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M868-6R8G-X6R5

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations.

Please note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-242",
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:39Z",
    "severity": "HIGH"
  },
  "details": "A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. \n\nPlease note: an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability.",
  "id": "GHSA-m868-6r8g-x6r5",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49215"
    },
    {
      "type": "WEB",
      "url": "https://success.trendmicro.com/en-US/solution/KA-0019928"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-372"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-58
Build and Compilation Implementation

Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]

Mitigation
Testing

Use grep or static analysis tools to spot usage of dangerous functions.

No CAPEC attack patterns related to this CWE.