openSUSE Leap 15.6

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:1402-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-5992 CVE-2024-45615 CVE-2024-45616 CVE-2024-45617 CVE-2024-45618 CVE-2024-45619 CVE-2024-45620 CVE-2024-8443 Upstream summary: A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02734-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-6297 Upstream summary: It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02591-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-45751 Upstream summary: tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:3817-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-47908 Upstream summary: Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02695-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-53367 Upstream summary: DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03077-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-58266 CVE-2024-12224 Upstream summary: The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and xa0 characters, which may […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03025-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-7962 Upstream summary: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the r and n UTF-8 characters to […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:17558 (see also SUSE bugzilla) Related CVEs: CVE-2025-48964 CVE-2025-47268 Upstream summary: ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2024:9404 (see also SUSE bugzilla) Related CVEs: CVE-2024-2236 Upstream summary: A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02448-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-0718 Upstream summary: A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause […]