19 matches found
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
SUSE CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
Command Injection
Overview intake is a Data catalog, search and load Affected versions of this package are vulnerable to Command Injection via the catalog parsing when the shell syntax is used within parameter default values. An attacker can execute arbitrary commands on the host system by crafting a malicious...
CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
CVE-2026-33310
Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...
Intake has a Command Injection via shell() Expansion in Parameter Defaults
Summary The shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command may be executed when the catalog source is accessed. This means that if a user loads a malicious...
SUSE SLES16 Security Update : libxml2, libxslt (SUSE-SU-2026:20631-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20631-1 advisory. Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in...
SUSE-SU-2026:20707-1 Security update for libxslt, libxml2
This update for libxslt, libxml2 fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...
OPENSUSE-SU-2026:20312-1 Security update for libxml2, libxslt
This update for libxml2, libxslt fixes the following issues: Changes in libxml2: - CVE-2026-0990: call stack overflow may lead to application crash due to infinite recursion in xmlCatalogXMLResolveURI bsc1256807, bsc1256811. - CVE-2026-0992: excessive resource consumption when processing XML...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...
SUSE-SU-2026:0605-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in xmlCatalogXMLResolveURI. bsc1256807, bsc1256811 - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to...
Low: libxml2
Issue Overview: A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has be...
SUSE-SU-2025:4116-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850 Patch...
SUSE-SU-2025:4115-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...
SUSE SLES12: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-doc / etc (SUSE-SU-2025:4104-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4104-1 advisory. - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite...
Security update for libxml2
This update for libxml2 fixes the following issues: CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850 Patch...
SUSE-SU-2025:4104-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c bsc1249076 - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files bsc1247850...
ROS-20251111-01
A vulnerability in the libxml2 library for manipulating XML and HTML files is related to uncontrolled recursion during the XPath computation in the xmlXPathRunEval function in xpath.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the...