Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-1374 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1378 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options.
network
low complexity
github CWE-77
critical
9.1
2024-02-09 CVE-2024-23749 Command Injection vulnerability in 9Bis Kitty
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390).
local
low complexity
9bis CWE-77
7.8
2024-02-09 CVE-2023-46687 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8
2024-02-09 CVE-2023-49716 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8
2024-02-08 CVE-2023-40263 Command Injection vulnerability in Unify Openscape Voice Trace Manager V8
An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11.
network
low complexity
unify CWE-77
8.8
2024-02-08 CVE-2024-24321 Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
network
low complexity
dlink CWE-77
critical
9.8
2024-02-05 CVE-2024-23049 Command Injection vulnerability in B3Log Symphony
An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.
network
low complexity
b3log CWE-77
critical
9.8
2024-02-02 CVE-2023-41283 Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-77
7.2
2024-02-02 CVE-2023-45025 Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-77
critical
9.8