openSUSE Tumbleweed

openSUSE Tumbleweed — ruby3.1-rubygem-activestorage — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15113-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-21831 Upstream summary: A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. […]

openSUSE Tumbleweed — seatd — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-25643 Upstream summary: seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied […]

openSUSE Tumbleweed — libshp2 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0068-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-0699 Upstream summary: A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial […]

openSUSE Tumbleweed — qtox — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1640-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-44847 Upstream summary: A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper […]

openSUSE Tumbleweed — isync — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-3657 CVE-2021-44143 CVE-2021-20247 CVE-2021-3578 Upstream summary: A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP […]

openSUSE Tumbleweed — afterburn — multiple vulnerabilities (7 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-27378 CVE-2024-12224 CVE-2021-32714 CVE-2020-35905 CVE-2020-36465 CVE-2021-32715 CVE-2021-38191 Upstream summary: An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into […]

openSUSE Tumbleweed — apache2 — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0091-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-44790 CVE-2021-42013 CVE-2010-0425 CVE-2026-23918 CVE-2026-24072 CVE-2026-29169 CVE-2026-33006 CVE-2026-33523  +12 more Upstream summary: A carefully crafted request body can cause a buffer overflow in the mod_lua […]

openSUSE Tumbleweed — libmysofa1 — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-3756 CVE-2019-10672 CVE-2019-16092 CVE-2019-16093 CVE-2019-16091 CVE-2019-16094 CVE-2019-16095 CVE-2019-20063  +7 more Upstream summary: libmysofa is vulnerable to Heap-based Buffer Overflow […]

openSUSE Tumbleweed — log4j — multiple vulnerabilities (12 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1577-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-44228 CVE-2019-17571 CVE-2021-45105 CVE-2021-45046 CVE-2026-34477 CVE-2026-34479 CVE-2026-34480 CVE-2026-34481  +4 more Upstream summary: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI […]

openSUSE Tumbleweed — ruby2.7 — multiple vulnerabilities (10 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14621-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-41816 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2020-10663 CVE-2021-41817 CVE-2021-41819 CVE-2020-10933  +2 more Upstream summary: CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow […]
