Critical
CVE-2024-3781
Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstre…
Tag: Command Injection
All CVEs associated with "Command Injection". Page 24/48 • 5731 CVEs.
Subscribe CVEs: RSS for “Command Injection” · RSS (High+Critical only)
About “Command Injection”
A curated feed of “Command Injection”-related CVEs appears below. We currently track 5731 CVEs for this tag (all time). In the last 365 days, 1682 were published. Average CVSS is 8.2 (all time; 7.8 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection'), CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-04-15
High
CVE-2024-30220
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request…
Medium
CVE-2024-26023
OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands.
High
CVE-2024-1655
Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request.
2024-04-13
Medium
CVE-2024-3739
A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file l…
Medium
CVE-2024-3721
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX__…
2024-04-12
Critical
CVE-2024-3400
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configura…
2024-04-11
Medium
CVE-2024-2742
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploi…
2024-04-10
Critical
CVE-2024-2029
A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription.…
Critical
CVE-2024-1520
An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' par…
Critical
CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
2024-04-09
High
CVE-2024-21756
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox…
High
CVE-2024-21755
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.3, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox…
Medium
CVE-2023-47540
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2.1 through 4.2.6, FortiSandbo…
Critical
CVE-2023-6320
A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to comm…
Critical
CVE-2023-6319
A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests…
Critical
CVE-2023-6318
A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can l…
High
CVE-2023-1082
An remote attacker with low privileges can perform a command injection which can lead to root access.
2024-04-07
High
CVE-2024-30414
Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
2024-04-05
Medium
CVE-2024-3346
A vulnerability was found in Byzoro Smart S80 up to 20240328. It has been declared as critical. This vulnerability affects unknown code of the file /log/webmailattach.php. The manipulation of the arg…
High
CVE-2024-30891
A command injection vulnerability exists in /goform/exeCommand in Tenda AC18 v15.03.05.05, which allows attackers to construct cmdinput parameters for arbitrary command execution.
2024-04-04
Critical
CVE-2024-27981
A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.0.28 and earlier) allows a malicious actor with UniFi Network Applicat…
High
CVE-2024-3273
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the…
High
CVE-2024-26258
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the pr…
High
CVE-2024-25568
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the pro…
2024-04-03
High
CVE-2024-1180
TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of T…
High
CVE-2024-30572
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the ntp_server parameter.
Critical
CVE-2024-30568
Netgear R6850 1.1.0.88 was discovered to contain a command injection vulnerability via the c4-IPAddr parameter.
Critical
CVE-2023-25699
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in VideoWhisper.Com VideoWhisper Live Streaming Integration allows OS Command Injection.This i…
2024-04-02
High
CVE-2024-22246
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activat…
Critical
CVE-2024-2389
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon managem…
High
CVE-2024-29949
There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands.
2024-04-01
Critical
CVE-2023-51572
Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations o…
2024-03-31
High
CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the sam…
2024-03-29
High
CVE-2024-30645
Tenda AC15V1.0 V15.03.20_multi has a command injection vulnerability via the deviceName parameter.
Critical
CVE-2024-30247
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user…
High
CVE-2024-30637
Tenda F1202 v1.2.0.20(408) has a command injection vulnerablility in the formWriteFacMac function in the mac parameter.
2024-03-28
High
CVE-2024-2947
A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affect…
High
CVE-2024-25955
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted comm…
High
CVE-2024-25946
Dell vApp Manager, versions prior to 9.2.4.9 contain a Command Injection Vulnerability. An authorized attacker could potentially exploit this vulnerability leading to an execution of an inserted comm…
Critical
CVE-2023-6437
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970…
Medium
CVE-2024-3009
A vulnerability has been found in Tenda FH1205 2.0.0.7(775) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulatio…
2024-03-27
Medium
CVE-2024-2991
A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the arg…
Medium
CVE-2024-2982
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this vulnerability is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulati…
High
CVE-2024-1540
A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnera…
High
CVE-2023-40289
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
2024-03-26
Medium
CVE-2024-2910
A vulnerability, which was classified as critical, has been found in Ruijie RG-EG350 up to 20240318. Affected by this issue is the function vpnAction of the file /itbox_pi/vpn_quickset_service.php?a=…
High
CVE-2024-2909
A vulnerability classified as critical was found in Ruijie RG-EG350 up to 20240318. Affected by this vulnerability is the function setAction of the file /itbox_pi/networksafe.php?a=set of the compone…
Critical
CVE-2024-28545
Tenda AC18 V15.03.05.05 contains a command injection vulnerablility in the deviceName parameter of formsetUsbUnload function.
Medium
CVE-2024-2897
A vulnerability classified as critical has been found in Tenda AC7 15.03.06.44. Affected is the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to…
Critical
CVE-2024-28048
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note t…
High
CVE-2024-28033
OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web serve…
2024-03-25
High
CVE-2024-25002
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.
High
CVE-2024-24899
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated wit…
High
CVE-2024-24897
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated wit…
High
CVE-2024-24892
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection,…
High
CVE-2024-24890
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated w…
2024-03-24
Medium
CVE-2024-2854
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName le…
Medium
CVE-2024-2853
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of…
Medium
CVE-2024-2851
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of…
2024-03-23
High
CVE-2021-33633
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated wi…
2024-03-22
High
CVE-2024-29366
A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.
Critical
CVE-2024-29185
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is…
High
CVE-2024-2448
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell comman…
Medium
CVE-2024-2812
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of…
2024-03-21
High
CVE-2024-2162
An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4…
Critical
CVE-2024-29864
Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.
2024-03-20
Critical
CVE-2024-2443
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when conf…
Medium
CVE-2024-2707
A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the…
2024-03-19
High
CVE-2024-2642
A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulatio…
High
CVE-2023-44092
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reve…
2024-03-18
High
CVE-2024-27772
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE
2024-03-15
Medium
CVE-2023-51699
Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRun…
Critical
CVE-2024-28354
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username i…
High
CVE-2024-28353
There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_na…
2024-03-13
High
CVE-2024-2415
Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an authenticated user to execute commands inside the router by making a POST…
2024-03-12
High
CVE-2024-25998
An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.
Critical
CVE-2024-22127
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection v…
2024-03-11
High
CVE-2024-28187
SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability wit…
2024-03-10
High
CVE-2024-2353
A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the comp…
Medium
CVE-2024-2352
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update…
2024-03-09
High
CVE-2024-25951
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
2024-03-08
Medium
CVE-2023-34980
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands…
2024-03-07
High
CVE-2024-0815
Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0
High
CVE-2024-0817
Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0
High
CVE-2023-47415
Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter.
2024-03-06
Medium
CVE-2024-20335
A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks…
2024-03-05
High
CVE-2024-25613
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…
High
CVE-2024-25612
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…
High
CVE-2024-25611
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…
High
CVE-2024-1356
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a…
High
CVE-2024-22188
TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerab…
2024-03-01
Critical
CVE-2024-1624
An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Rel…
2024-02-28
Medium
CVE-2024-25579
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted r…
2024-02-26
Medium
CVE-2024-25082
Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.
Medium
CVE-2024-25081
Splinefont in FontForge through 20230101 allows command injection via crafted filenames.
Critical
CVE-2023-49959
In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root pr…
2024-02-23
Medium
CVE-2024-1781
A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component…
2024-02-22
High
CVE-2024-25851
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.
Critical
CVE-2024-25850
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter
Medium
CVE-2023-51450
baserCMS is a website development framework. Prior to version 5.0.9, there is an OS Command Injection vulnerability in the site search feature of baserCMS. Version 5.0.9 contains a fix for this vulne…
2024-02-21
Critical
CVE-2023-24331
Command Injection vulnerability in D-Link Dir 816 with firmware version DIR-816_A2_v1.10CNB04 allows attackers to run arbitrary commands via the urlAdd parameter.
High
CVE-2023-24330
Command Injection vulnerability in D-Link Dir 882 with firmware version DIR882A1_FW130B06 allows attackers to run arbitrary commands via crafted POST request to /HNAP1/.
2024-02-20
High
CVE-2023-6398
A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 throu…
High
CVE-2024-1297
Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.
2024-02-19
Critical
CVE-2023-6260
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Brivo ACS100, ACS300 allows OS Command Injection, Bypassing Physical Security.This issue af…
2024-02-16
High
CVE-2024-22426
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execu…
2024-02-15
Critical
CVE-2024-20720
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could…
Critical
CVE-2023-32462
Dell OS10 Networking Switches running 10.5.2.x and above contain an OS command injection vulnerability when using remote user authentication. A remote unauthenticated attacker could potentially explo…
Critical
CVE-2024-26260
The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parame…
2024-02-14
High
CVE-2024-24301
Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be ex…
High
CVE-2024-1367
A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to…
High
CVE-2024-22093
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the att…
2024-02-13
Critical
CVE-2024-1378
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad…
Critical
CVE-2024-1374
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad…
Critical
CVE-2024-1372
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when conf…
Critical
CVE-2024-1369
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when sett…
Critical
CVE-2024-1359
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when sett…
Critical
CVE-2024-1355
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the a…
High
CVE-2024-1354
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `…