chris

SLES 16 — velocity — vulnerability — patch and remediation guide — diagnosis and fix on SLES 16

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2021:0800-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-13936 Upstream summary: An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same […]

SLES 12 — libtcnative — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on SLES 12

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2019:14014-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-8020 CVE-2017-15698 CVE-2018-8019 Upstream summary: Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced […]

SLES 15 — libzip5 — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SR:2011:009 (see also SUSE bugzilla) Related CVEs: CVE-2011-0421 CVE-2012-1162 CVE-2012-1163 CVE-2017-12858 CVE-2017-14107 Upstream summary: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a […]

SLES 15 — python3-future — vulnerability — patch and remediation guide — diagnosis and fix on SLES 15

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:0076-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-40899 Upstream summary: An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie […]

SLES 15 — python311-mistune — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14637-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-34749 CVE-2017-15612 CVE-2017-16876 Upstream summary: In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount […]

SLES 12 — policycoreutils — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on SLES 12

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2017:0338-1 (see also SUSE bugzilla) Related CVEs: CVE-2016-7545 CVE-2018-1063 Upstream summary: SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call. […]

SLES 15 — rust — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-RU-2026:1001-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-31812 CVE-2023-40030 Upstream summary: Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger […]

SLES 15 — libSDL — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:1218-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-33657 CVE-2020-14409 CVE-2020-14410 CVE-2019-13616 CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575  +7 more Upstream summary: There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) […]

SLES 16 — libudf0 — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on SLES 16

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2017-18198 CVE-2017-18201 CVE-2017-18199 Upstream summary: print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) […]

SLES 16 — uuidd — multiple vulnerabilities (12 CVEs) — patch and remediation guide — diagnosis and fix on SLES 16

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2015:0270-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-9114 CVE-2016-2779 CVE-2017-2616 CVE-2024-28085 CVE-2025-14104 CVE-2026-3184 CVE-2021-3995 CVE-2021-3996  +4 more Upstream summary: Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. […]
