Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.5 views

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.6 views

SUSE CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/24 2:32 p.m.3 views

Command Injection

Overview intake is a Data catalog, search and load Affected versions of this package are vulnerable to Command Injection via the catalog parsing when the shell syntax is used within parameter default values. An attacker can execute arbitrary commands on the host system by crafting a malicious...

8.8CVSS6.1AI score0.00428EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/24 1:17 p.m.21 views

CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS0.00428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 1:17 p.m.3 views

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/19 5:46 p.m.7 views

Intake has a Command Injection via shell() Expansion in Parameter Defaults

Summary The shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command may be executed when the catalog source is accessed. This means that if a user loads a malicious...

8.8CVSS6AI score0.00428EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.4 views

SUSE SLES16 Security Update : libxml2, libxslt (SUSE-SU-2026:20631-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20631-1 advisory. Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in...

6.2CVSS6.1AI score0.00755EPSS
Exploits3References24
OSV
OSV
added 2026/03/06 11:53 a.m.4 views

SUSE-SU-2026:20707-1 Security update for libxslt, libxml2

This update for libxslt, libxml2 fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...

6.2CVSS5.8AI score0.00755EPSS
Exploits4References21
OSV
OSV
added 2026/03/04 10:51 a.m.4 views

OPENSUSE-SU-2026:20312-1 Security update for libxml2, libxslt

This update for libxml2, libxslt fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...

6.2CVSS6AI score0.00755EPSS
Exploits3References18
SUSE Linux
SUSE Linux
added 2026/02/24 11:19 a.m.5 views

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

8.2CVSS5.5AI score0.00755EPSS
Exploits4References40
OSV
OSV
added 2026/02/24 11:19 a.m.3 views

SUSE-SU-2026:0605-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...

6.2CVSS6.2AI score0.00755EPSS
Exploits4References21
Amazon
Amazon
added 2026/01/21 12:0 a.m.7 views

Low: libxml2

Issue Overview: A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has be...

4.8CVSS4.7AI score0.00143EPSS
Exploits1
OSV
OSV
added 2025/11/17 7:26 a.m.2 views

SUSE-SU-2025:4116-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...

6.2CVSS6.9AI score0.00144EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2025/11/17 7:26 a.m.2 views

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850 Patch...

6.9CVSS7.1AI score0.00144EPSS
Exploits1References8
OSV
OSV
added 2025/11/17 7:25 a.m.1 views

SUSE-SU-2025:4115-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...

6.2CVSS4.8AI score0.00144EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/11/16 12:0 a.m.8 views

SUSE SLES12: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-doc / etc (SUSE-SU-2025:4104-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4104-1 advisory. - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite...

6.2CVSS6.2AI score0.00144EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2025/11/14 10:4 a.m.4 views

Security update for libxml2

This update for libxml2 fixes the following issues: CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850 Patch...

6.9CVSS7.1AI score0.00144EPSS
Exploits1References8
OSV
OSV
added 2025/11/14 10:4 a.m.4 views

SUSE-SU-2025:4104-1 Security update for libxml2

This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...

6.2CVSS6.1AI score0.00144EPSS
Exploits1References5
Redos
Redos
added 2025/11/11 12:0 a.m.8 views

ROS-20251111-01

A vulnerability in the libxml2 library for manipulating XML and HTML files is related to uncontrolled recursion during the XPath computation in the xmlXPathRunEval function in xpath.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the...

6.2CVSS4.5AI score0.00144EPSS
Exploits1
Rows per page
Query Builder