Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2024-37569 Command Injection vulnerability in Mitel 6869I SIP Firmware
An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices.
network
low complexity
mitel CWE-77
8.8
2024-06-09 CVE-2024-37570 Command Injection vulnerability in Mitel 6869I SIP Firmware 4.5.0.41
On Mitel 6869i 4.5.0.41 devices, the Manual Firmware Update (upgrade.html) page does not perform sanitization on the username and path parameters (sent by an authenticated user) before appending flags to the busybox ftpget command.
network
low complexity
mitel CWE-77
8.8
2024-06-04 CVE-2024-36604 Command Injection vulnerability in Tendacn O3V2 Firmware 1.0.0.12(3880)
Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter in the SetStp function.
network
low complexity
tendacn CWE-77
critical
9.8
2024-06-04 CVE-2024-34792 Command Injection vulnerability in Dextaz Ping Project Dextaz Ping 0.65
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in dexta Dextaz Ping allows Command Injection.This issue affects Dextaz Ping: from n/a through 0.65.
network
low complexity
dextaz-ping-project CWE-77
7.2
2024-04-17 CVE-2023-40146 A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU).
low complexity
CWE-77
6.8
2024-04-12 CVE-2024-3400 Command Injection vulnerability in Paloaltonetworks Pan-Os
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
network
low complexity
paloaltonetworks CWE-77
critical
10.0
2024-04-04 CVE-2024-3273 Command Injection vulnerability in Dlink products
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403.
network
low complexity
dlink CWE-77
critical
9.8
2024-03-31 CVE-2023-41724 Command Injection vulnerability in Ivanti Standalone Sentry
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network.
low complexity
ivanti CWE-77
8.8
2024-03-27 CVE-2024-29946 Command Injection vulnerability in Splunk
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands.
network
low complexity
splunk CWE-77
8.1
2024-02-13 CVE-2024-1354 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file.
network
high complexity
github CWE-77
8.0