openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SR:2008:012 (see also SUSE bugzilla) Related CVEs: CVE-2008-1423 CVE-2007-3106 CVE-2008-1419 CVE-2008-1420 CVE-2009-3379 CVE-2017-14160 CVE-2017-14632 CVE-2018-10392  +2 more Upstream summary: Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2014:0449-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-2323 CVE-2014-2324 CVE-2022-37797 CVE-2007-1870 CVE-2008-4359 CVE-2013-4508 CVE-2022-41556 CVE-2022-22707  +11 more Upstream summary: SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:1453-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-17353 CVE-2018-10992 Upstream summary: scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:0915-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-15232 CVE-2018-4013 CVE-2019-6256 CVE-2019-7314 CVE-2019-9215 CVE-2021-28899 CVE-2021-38380 CVE-2021-38381  +4 more Upstream summary: Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:2090-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-15180 CVE-2026-32710 CVE-2021-46661 CVE-2021-46663 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052  +12 more Upstream summary: A flaw was found in the mysql-wsrep component of mariadb. Lack of input […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2017-1000494 CVE-2014-3985 Upstream summary: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2016-10132 CVE-2016-10141 CVE-2025-55780 CVE-2026-25556 CVE-2016-8729 CVE-2017-17858 CVE-2017-5627 CVE-2017-5628  +12 more Upstream summary: regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:2212-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-14354 CVE-2018-14360 CVE-2018-14361 CVE-2018-14351 CVE-2018-14357 CVE-2018-14363 CVE-2020-14093 CVE-2020-14154  +12 more Upstream summary: An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-3420 Upstream summary: A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, […]

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:0802-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-8174 CVE-2021-22930 CVE-2021-22940 CVE-2021-37701 CVE-2021-37713 CVE-2021-39135 CVE-2020-11080 CVE-2020-7774  +12 more Upstream summary: napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and […]