openSUSE Tumbleweed

openSUSE Tumbleweed — perl-YAML-LibYAML — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory RHSA-2025:9329 (see also SUSE bugzilla)
Related CVEs: CVE-2025-40908, CVE-2012-1152
Upstream summary: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified […]

openSUSE Tumbleweed — pure-ftpd — multiple vulnerabilities (7 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2024-48208, CVE-2019-20176, CVE-2021-40524, CVE-2020-9274, CVE-2020-9365, CVE-2011-0411, CVE-2011-0418
Upstream summary: pure-ftpd before 1.0.52 is vulnerable to Buffer Overflow. There is an out of bounds read in […]

openSUSE Tumbleweed — python311-jupyter-core — vulnerability — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory
Related CVEs: CVE-2025-30167
Upstream summary: Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` […]

openSUSE Tumbleweed — python311-pytest-html — vulnerability — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory SUSE-SU-2025:3744-1 (see also SUSE bugzilla)
Related CVEs: CVE-2025-6545
Upstream summary: Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue […]

openSUSE Tumbleweed — velociraptor — multiple vulnerabilities (20 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory SUSE-SU-2025:01326-1 (see also SUSE bugzilla)
Related CVEs: CVE-2025-27152, CVE-2023-1732, CVE-2023-45683, CVE-2023-46234, CVE-2024-23331, CVE-2024-37298, CVE-2024-47875, CVE-2024-48949, +12 more
Upstream summary: axios is a promise based HTTP client for the browser and node.js. The […]

openSUSE Tumbleweed — sslh — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2025:15194-1 (see also SUSE bugzilla)
Related CVEs: CVE-2025-46807, CVE-2025-46806
Upstream summary: An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh […]

openSUSE Tumbleweed — yelp — vulnerability — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2025:15167-1 (see also SUSE bugzilla)
Related CVEs: CVE-2025-3155
Upstream summary: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows […]

openSUSE Tumbleweed — kind — vulnerability — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2025:15146-1 (see also SUSE bugzilla)
Related CVEs: CVE-2025-47290
Upstream summary: containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an […]

openSUSE Tumbleweed — dante — vulnerability — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2025:0030-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-54662
Upstream summary: Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod. […]

openSUSE Tumbleweed — mosquitto — multiple vulnerabilities (18 CVEs) — patch and remediation guide

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2025:15074-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-3935, CVE-2023-28366, CVE-2023-3592, CVE-2020-13849, CVE-2018-12551, CVE-2023-0809, CVE-2021-34434, CVE-2017-7650, +10 more
Upstream summary: In Eclipse Mosquitto, versions from 2.0.0 through 2.0.18, if a Mosquitto broker is […]
