openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2023-6378 CVE-2023-6481 CVE-2024-12798 CVE-2026-1225 CVE-2025-11226 CVE-2024-12801 Upstream summary: A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:17428 (see also SUSE bugzilla) Related CVEs: CVE-2025-41244 CVE-2023-34058 CVE-2023-34059 CVE-2023-20900 CVE-2022-31676 CVE-2025-22247 CVE-2023-20867 CVE-2015-5191 Upstream summary: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03520-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-57052 CVE-2024-31755 CVE-2023-50471 CVE-2023-50472 CVE-2023-26819 Upstream summary: cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03285-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-53192 Upstream summary: ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2024:7346 (see also SUSE bugzilla) Related CVEs: CVE-2024-47076 CVE-2024-47175 CVE-2024-47176 CVE-2023-24805 CVE-2024-47850 CVE-2013-6473 CVE-2013-6474 CVE-2013-6475  +10 more Upstream summary: CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:0167-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-22373 CVE-2024-22391 CVE-2024-25569 Upstream summary: An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:17162 (see also SUSE bugzilla) Related CVEs: CVE-2025-40928 Upstream summary: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-9300 Upstream summary: A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2025-8959 Upstream summary: HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03052-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-20053 CVE-2025-20109 CVE-2025-22839 CVE-2025-22840 CVE-2025-22889 CVE-2025-26403 CVE-2025-32086 CVE-2024-21820  +12 more Upstream summary: Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may […]