CVEbaza.plSłownik CWECWE-676
Common Weakness Enumeration

CWE-676

Use of Potentially Dangerous Function

Kategoria: BaseCVE: 8
Opis

Produkt wywołuje potencjalnie niebezpieczną funkcję, która może wprowadzić lukę w zabezpieczeniach, jeśli zostanie użyta nieprawidłowo, ale funkcja ta może być również wykorzystana w bezpieczny sposób. Zagrożenie wynika z możliwości nieprawidłowego zastosowania, a nie z samej funkcji.

Description (EN)

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Podatności CVE z CWE-676 (8)
10.0
CVSS
CRITICAL
CVE-2021-27474

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all functions relating to IIS remoting services. This vulnerability may allow a remote, unauthenticated attacker to modify sensitive data in FactoryTalk AssetCentre.

pub. 2022-03-23
8.5
CVSS
HIGH
CVE-2025-65117

The vulnerability, if exploited, could allow an authenticated miscreant (Process Optimization Designer User) to embed OLE objects into graphics, and escalate their privileges to the identity of a victim user who subsequently interacts with the graphical elements.

pub. 2026-01-16
7.5
CVSS
HIGH
CVE-2022-39063

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. Once UPF receives a request, it gets the f_teid_len from incoming message, and then uses it to copy data from incoming message to struct f_teid without checking the maximum length. If the pdi.local_f_teid.len exceeds the maximum length of the struct of f_teid, the memcpy() overwrites the fields (e.g., f_teid_len) after f_teid in the pdr struct. After parsing the request, the UPF starts to build a response. The f_teid_len with its overwritten value is used as a length for memcpy(). A segmentation fault occurs, as a result of a memcpy(), if this overwritten value is large enough.

pub. 2022-09-16
6.5
CVSS
MEDIUM
CVE-2024-38434

Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass

pub. 2024-07-21
6.2
CVSS
MEDIUM
CVE-2026-48696

FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689.

pub. 2026-05-26
5.5
CVSS
MEDIUM
CVE-2024-50307

Use of potentially dangerous function issue exists in Chatwork Desktop Application (Windows) versions prior to 2.9.2. If a user clicks a specially crafted link in the application, an arbitrary file may be downloaded from an external website and executed. As a result, arbitrary code may be executed on the device that runs Chatwork Desktop Application (Windows).

pub. 2024-10-28
5.3
CVSS
MEDIUM
CVE-2025-67604

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens if internal locks are aligned, which is out of control of the attacker.

pub. 2026-05-12
4.0
CVSS
MEDIUM
CVE-2024-37387

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered.

pub. 2024-06-19
Informacje
ID: CWE-676
Typ: Base
Podatności: 8
MITRE CWE ↗
← Słownik CWE