openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10257-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-46393 CVE-2022-35409 CVE-2021-45450 CVE-2018-0487 CVE-2018-0488 CVE-2021-24119 CVE-2017-14032 CVE-2017-2784  +1 more Upstream summary: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0769-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-30499 CVE-2021-30498 CVE-2026-42046 CVE-2018-20547 CVE-2022-0856 CVE-2021-3410 CVE-2018-20548 CVE-2018-20544  +3 more Upstream summary: A flaw was found in libcaca. A buffer overflow of export.c in function […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-40401 CVE-2021-40391 CVE-2021-40400 CVE-2023-4508 CVE-2021-40403 CVE-2021-40393 Upstream summary: A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:0224-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-45047 Upstream summary: Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-38143 CVE-2022-41639 CVE-2022-41794 CVE-2022-41838 CVE-2022-41988 CVE-2023-22845 CVE-2023-24472 CVE-2022-41684  +12 more Upstream summary: A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2022-36086 CVE-2025-62370 CVE-2024-28854 CVE-2023-5129 CVE-2021-32629 CVE-2025-27591 CVE-2024-52813 CVE-2024-47609  +4 more Upstream summary: linked_list_allocator is an allocator usable for no_std systems. Prior to version 0.10.2, the heap initialization methods were […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:4215-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-37026 CVE-2020-25623 CVE-2020-35733 CVE-2016-1000107 CVE-2025-26618 Upstream summary: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:2627-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-3515 CVE-2022-47629 CVE-2014-9087 CVE-2016-4574 CVE-2016-4579 Upstream summary: A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:712-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-42889 Upstream summary: Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10144-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-2119 Upstream summary: OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM […]