Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-03-27 CVE-2024-29946 Command Injection vulnerability in Splunk
In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands.
network
low complexity
splunk CWE-77
8.1
2024-02-13 CVE-2024-1354 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file.
network
high complexity
github CWE-77
8.0
2024-02-13 CVE-2024-1355 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1359 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1369 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1372 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1374 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1378 Command Injection vulnerability in Github Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options.
network
low complexity
github CWE-77
critical
9.1
2024-02-09 CVE-2024-23749 Command Injection vulnerability in 9Bis Kitty
KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390).
local
low complexity
9bis CWE-77
7.8
2024-02-09 CVE-2023-46687 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8