openSUSE Leap 15.6

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15181-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-32801 CVE-2025-32802 CVE-2025-32803 Upstream summary: Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1068-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-3172 Upstream summary: Buffer overflow in parallel HNSW index build in pgvector 0.6.0 through 0.8.1 allows a database user to leak sensitive data from […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:12176 (see also SUSE bugzilla) Related CVEs: CVE-2026-30922 CVE-2026-23490 Upstream summary: pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:13641 (see also SUSE bugzilla) Related CVEs: CVE-2026-31958 CVE-2024-52804 Upstream summary: Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1137-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-32776 CVE-2026-32777 CVE-2025-59375 CVE-2024-8176 CVE-2026-32778 CVE-2026-25210 CVE-2026-24515 CVE-2024-45490  +2 more Upstream summary: libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0990-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-4105 CVE-2026-29111 CVE-2025-4598 Upstream summary: A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:6259 (see also SUSE bugzilla) Related CVEs: CVE-2026-2920 CVE-2026-2922 Upstream summary: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0916-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-28296 CVE-2026-28295 Upstream summary: A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0978-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-25075 CVE-2025-62291 Upstream summary: strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:7080 (see also SUSE bugzilla) Related CVEs: CVE-2026-27135 Upstream summary: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops […]