openSUSE Tumbleweed

openSUSE Tumbleweed — python36-paramiko — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2019:0129-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-1000805 CVE-2018-7750 Upstream summary: Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result […]

openSUSE Tumbleweed — python36-python3-saml — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2021:0048-1 (see also SUSE bugzilla) Related CVEs: CVE-2017-11427 Upstream summary: OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that […]

openSUSE Tumbleweed — python39 — multiple vulnerabilities (17 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-FU-2022:0444-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-15801 CVE-2025-4330 CVE-2025-4517 CVE-2022-42919 CVE-2020-15523 CVE-2021-29921 CVE-2025-12084 CVE-2025-13837  +9 more Upstream summary: In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing […]

openSUSE Tumbleweed — qemu — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2017-15118 CVE-2025-11234 CVE-2024-4467 CVE-2024-7409 CVE-2024-3446 CVE-2023-3180 CVE-2023-3354 CVE-2023-2861  +12 more Upstream summary: A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu […]

openSUSE Tumbleweed — quagga — multiple vulnerabilities (19 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:0473-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-5379 CVE-2021-44038 CVE-2018-5381 CVE-2006-2223 CVE-2007-1995 CVE-2013-2236 CVE-2016-1245 CVE-2016-2342  +11 more Upstream summary: The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when […]

openSUSE Tumbleweed — qutebrowser — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:2120-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-10895 CVE-2018-1000559 CVE-2020-11054 Upstream summary: qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A […]

openSUSE Tumbleweed — rdesktop — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2019:2135-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181  +12 more Upstream summary: rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the […]

openSUSE Tumbleweed — rmt-server — multiple vulnerabilities (18 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:1677-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-8165 CVE-2022-31254 CVE-2023-27530 CVE-2019-16770 CVE-2019-18904 CVE-2019-5420 CVE-2020-15169 CVE-2020-8164  +10 more Upstream summary: A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < […]

openSUSE Tumbleweed — ruby2.7-rubygem-kramdown — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15119-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-28834 CVE-2020-14001 Upstream summary: Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thus arbitrary classes can be instantiated. Table of […]

openSUSE Tumbleweed — ruby2.7-rubygem-rubyzip — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🔴 Critical   ⏱ 15–90 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2017-5946 CVE-2018-1000544 Upstream summary: The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading […]
