Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-1378 | Command Injection vulnerability in Github Enterprise Server A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. | 9.1 |
| 2024-02-09 | CVE-2024-23749 | Command Injection vulnerability in 9Bis Kitty KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). | 7.8 |
| 2024-02-09 | CVE-2023-46687 | Command Injection vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 9.8 |
| 2024-02-09 | CVE-2023-49716 | Command Injection vulnerability in Emerson products In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 9.8 |
| 2024-02-08 | CVE-2023-40263 | Command Injection vulnerability in Unify Openscape Voice Trace Manager V8 An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. | 8.8 |
| 2024-02-08 | CVE-2024-24321 | Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05 An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function. | 9.8 |
| 2024-02-05 | CVE-2024-23049 | Command Injection vulnerability in B3Log Symphony An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component. | 9.8 |
| 2024-02-02 | CVE-2023-41283 | Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 7.2 |
| 2024-02-02 | CVE-2023-45025 | Command Injection vulnerability in Qnap Qts, Quts Hero and Qutscloud An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 9.8 |
| 2024-02-02 | CVE-2023-47562 | Command Injection vulnerability in Qnap Photo Station An OS command injection vulnerability has been reported to affect Photo Station. | 8.8 |