30761 matches found
OPENSUSE-SU-2026:20312-1 Security update for libxml2, libxslt
This update for libxml2, libxslt fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...
EUVD-2026-9371
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-28777
International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...
CVE-2026-28777 Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX2100 Satellite Receiver
International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...
CVE-2026-28777
International Datacasting Corporation IDC SFX2100 Satellite Receiver, trivial password for the user usr account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the system, while intially dropped into a restricted shell, an attacker can trivially spawn a...
CVE-2026-28777
The SFX2100 Satellite Receiver from IDC is affected by a credential issue: a trivial password for the user (usr) account enables remote unauthenticated SSH access. An attacker can land in a restricted shell and trivially spawn a full pty for an interactive shell, leading to high impact on confide...
CVE-2026-28776 Hardcoded and Insecure Credentials for "monitor" account with SSH Access On IDC SFX2100 Satellite Receiver
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-28776
IDC SFX Series SuperFlex SatelliteReceiver is affected by hardcoded credentials for the monitor account, allowing remote, unauthenticated SSH access. Initial access starts in a restricted shell, with the attacker able to break out to a full shell. The CVSS metrics indicate NETWORK access, LOW int...
CVE-2026-28776
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-28776 Hardcoded and Insecure Credentials for "monitor" account with SSH Access On IDC SFX2100 Satellite Receiver
International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the monitor account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the system via SSH. While initially dropped into a restricted shell,...
CVE-2026-21882
theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...
SUSE CVE-2026-27626
OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check checkShellArgumentSafety blocks several dangerous argument types but not password. A user supplying a password-typed argument can inject shell...
CVE-2026-26478
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...
CVE-2026-26478
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...
PT-2026-22937
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...
CVE-2026-26478
A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...
Cisco Secure Firewall Adaptive Security Appliance 安全漏洞
The Cisco Secure Firewall Adaptive Security Appliance is an enterprise-level firewall software developed by Cisco, a US company. There is a security vulnerability in the Cisco Secure Firewall Adaptive Security Appliance software. This vulnerability stems from insufficient input validation during...
PT-2026-22879
Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX2100 Satellite Receiver affected versions not specified Description The SFX2100 Satellite Receiver has a default, easily guessable password for the user usr account. An unauthenticated remote attack...
Mobvoi Tichome Mini 安全漏洞
The Mobvoi Tichome Mini is a portable waterproof audio device produced by the Chinese company Mobvoi. The Mobvoi Tichome Mini has a security vulnerability, which stems from shell command injection. This vulnerability could allow remote attackers to execute arbitrary shell code using a root accoun...
International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞
The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device from the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from weak passwords for user...