SUSE-SU-2022:14903-1 Security update for expat

This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs bsc1196025. - CVE-2022-25235: Fixed UTF-8 character validation in a certain context bsc1196026. - CVE-2022-25313: Fixed stack exhaustion in buildmodel vi...

Expat has an unspecified vulnerability (CNVD-2022-18357)

Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by attackers to insert namespace separators into namespace URIs...

Mapbox: Reflected XSS via XML Namespace URI on https://go.mapbox.com/index.php/soap/

On January 22, 2020 user @h4ck3d reported a reflected XSS vulnerability via an XML Namespace URI on go.mapbox.com. Using the information provided by the researcher, we deployed a patch to this page on February 11, 2020...

OpenJDK: maximum XML name limit not applied to namespace URIs (JAXP, 8148872)

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508...