Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-28 | CVE-2024-25955 | Command Injection vulnerability in Dell products Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. | 8.8 |
| 2024-03-27 | CVE-2024-29946 | Command Injection vulnerability in Splunk In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. | 8.1 |
| 2024-03-26 | CVE-2023-52624 | Command Injection vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before executing GPINT commands [Why] DMCUB can be in idle when we attempt to interface with the HW through the GPINT mailbox resulting in a system hang. [How] Add dc_wake_and_execute_gpint() to wrap the wake, execute, sleep sequence. If the GPINT executes successfully then DMCUB will be put back into sleep after the optional response is returned. It functions similar to the inbox command interface. | 7.8 |
| 2024-03-09 | CVE-2024-25951 | Command Injection vulnerability in Dell Idrac8 2.50.50.50/2.52.52.52/2.60.60.60 A command injection vulnerability exists in local RACADM. | 8.0 |
| 2024-02-21 | CVE-2024-23346 | Command Injection vulnerability in Materialsvirtuallab Pymatgen Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. | 7.8 |
| 2024-02-16 | CVE-2024-24377 | Command Injection vulnerability in Idocv Idocview An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script. | 9.8 |
| 2024-02-14 | CVE-2024-22093 | Command Injection vulnerability in F5 products When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. | 9.6 |
| 2024-02-13 | CVE-2024-1354 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. | 8.0 |
| 2024-02-13 | CVE-2024-1355 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. | 9.1 |
| 2024-02-13 | CVE-2024-1359 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. | 9.1 |