10 matches found
OPENSUSE-SU-2025:0091-1 Security update for restic
This update for restic fixes the following issues: - Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 boo1239264 - Update to version 0.17.3 - Fix 4971: Fix unusable mount on macOS Sonoma - Fix 5003: Fix metadata errors during...
OESA-2025-1117 cpp-httplib security update
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables...
DEBIAN-CVE-2025-0825
cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...
[SECURITY] Fedora 38 Update: rust-eza-0.17.3-2.fc38
A modern replacement for ls...
SUSE CVE-2017-7511
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents...
Fat Free CRM vulnerable to Cross-site Scripting
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, and ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable via Content with JavaScript payload will be executed...
CVE-2018-1000842
FatFreeCRM version =0.15.0 =0.16.0 =0.17.0 =0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65 that can result in JavaScript execution. This attack appears to be exploitable via Content with JavaScript payload will be executed on e...
CVE-2017-7511
poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents...
CVE-2002-1111
CVE-2002-1111 affects Mantis (print_all_bug_page.php) in versions 0.17.3 and earlier where limit_reporters is not enforced, allowing remote attackers to view bug summaries for bugs they should not see. The Debian advisory for DSA-153-1 states the issue, including the specific vulnerability in the...
[Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
Mantis Advisory/2002-01 SQL poisoning vulnerability in Mantis 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Contact details 1. Introduction Mantis is an Open Source web-based bugtracking system, written i...