Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2024-1369 Command Injection vulnerability in GitHub Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1372 Command Injection vulnerability in GitHub Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1374 Command Injection vulnerability in GitHub Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding.
network
low complexity
github CWE-77
critical
9.1
2024-02-13 CVE-2024-1378 Command Injection vulnerability in GitHub Enterprise Server
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options.
network
low complexity
github CWE-77
critical
9.1
2024-02-09 CVE-2024-23749 Command Injection vulnerability in 9Bis Kitty
KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable. The issue occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390).
local
low complexity
9bis CWE-77
7.8
2024-02-09 CVE-2023-46687 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8
2024-02-09 CVE-2023-49716 Command Injection vulnerability in Emerson products
In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer.
network
low complexity
emerson CWE-77
critical
9.8
2024-02-08 CVE-2023-40263 Command Injection vulnerability in Unify Openscape Voice Trace Manager V8
An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11.
network
low complexity
unify CWE-77
8.8
2024-02-08 CVE-2024-24321 Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb05
An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.
network
low complexity
dlink CWE-77
critical
9.8
2024-02-08 CVE-2024-24216 Command Injection vulnerability in Easycorp Zentao
Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.
network
low complexity
easycorp CWE-77
critical
9.8