openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2019-14697 CVE-2026-33413 Upstream summary: musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1273-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-3781 CVE-2025-27832 CVE-2025-27833 CVE-2025-27834 CVE-2025-27835 CVE-2025-27836 CVE-2024-46951 CVE-2024-46952  +12 more Upstream summary: A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2015:0100-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-9390 CVE-2019-1353 CVE-2025-27614 CVE-2025-46334 CVE-2025-48384 CVE-2025-48385 CVE-2024-32002 CVE-2024-32004  +12 more Upstream summary: Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2015-8972 CVE-2019-15767 CVE-2021-30184 Upstream summary: Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2020-25412 CVE-2025-31176 CVE-2025-31177 CVE-2025-31178 CVE-2025-31179 CVE-2025-31180 CVE-2025-31181 CVE-2025-3359  +5 more Upstream summary: com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SA:2008:046 (see also SUSE bugzilla) Related CVEs: CVE-2008-1949 CVE-2026-33845 CVE-2026-33846 CVE-2026-42009 CVE-2026-42010 CVE-2026-1584 CVE-2025-32988 CVE-2024-12133  +12 more Upstream summary: The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2017-15041 CVE-2018-16873 CVE-2018-6574 CVE-2014-7189 CVE-2016-3959 CVE-2016-5386 CVE-2018-16874 CVE-2018-16875  +5 more Upstream summary: Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1188-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-3711 CVE-2025-5702 CVE-2024-3154 CVE-2023-45853 CVE-2022-2068 CVE-2025-12183 Upstream summary: In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2019:1697-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-12447 CVE-2019-12449 CVE-2026-28296 CVE-2019-12448 CVE-2026-28295 CVE-2019-12795 CVE-2019-3827 Upstream summary: An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:2797-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-17141 CVE-2020-15396 CVE-2020-15397 CVE-2020-8024 Upstream summary: HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a […]