openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-38714 CVE-2011-4620 CVE-2012-4552 Upstream summary: In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2021-24112 CVE-2015-2318 CVE-2015-2319 CVE-2015-2320 Upstream summary: Unknown. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution – […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2015:0807-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-2977 CVE-2014-2978 Upstream summary: Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14536-1 Related CVEs: CVE-2014-4966 CVE-2014-4967 CVE-2016-9587 CVE-2017-7466 CVE-2018-10875 CVE-2018-16837 CVE-2019-14904 CVE-2019-14905  +12 more Upstream summary: Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02056-1 (see also SUSE bugzilla) Related CVEs: CVE-2015-4852 CVE-2025-48734 CVE-2014-3540 CVE-2019-10086 CVE-2014-0114 Upstream summary: The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2019:1091-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-11365 CVE-2020-6097 CVE-2021-41054 Upstream summary: An issue was discovered in atftpd in atftp 0.7.1. A remote attacker may send a crafted packet triggering a stack-based […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SR:2007:015 (see also SUSE bugzilla) Related CVEs: CVE-2007-3641 CVE-2024-20696 CVE-2024-26256 CVE-2022-26280 CVE-2025-1632 CVE-2025-25724 CVE-2024-57970 CVE-2017-5601  +12 more Upstream summary: archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2020-28601 CVE-2020-35636 Upstream summary: A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:0928-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-14983 Upstream summary: The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:1116-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-15917 CVE-2012-4507 CVE-2015-8614 CVE-2015-8708 Upstream summary: common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. Table of […]