openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-40619 CVE-2019-10784 CVE-2008-5587 CVE-2011-3598 CVE-2012-1600 Upstream summary: phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0328-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-40426 CVE-2023-34318 CVE-2019-13590 CVE-2021-3643 CVE-2022-31650 CVE-2022-31651 CVE-2023-32627 CVE-2017-11332  +9 more Upstream summary: A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0306-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-4170 CVE-2021-33477 CVE-2008-1142 CVE-2014-3121 CVE-2017-7483 Upstream summary: The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0260-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-27586 CVE-2021-21236 Upstream summary: CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-33388 CVE-2021-33390 CVE-2021-32420 CVE-2021-32421 CVE-2021-32422 Upstream summary: dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y Table of contents Symptom & Impact […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-38199 CVE-2023-5003 CVE-2021-40438 Upstream summary: coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-31543 Upstream summary: A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2020-12761 CVE-2008-2426 CVE-2008-5187 CVE-2010-0991 Upstream summary: modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:1963-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-29402 CVE-2023-29404 CVE-2023-29405 CVE-2023-29409 CVE-2023-29403 CVE-2023-24539 CVE-2023-29400 CVE-2023-24534  +8 more Upstream summary: The go command may generate unexpected code at build time when using cgo. […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0253-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-33863 CVE-2023-33864 CVE-2023-33865 Upstream summary: SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) […]