openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2024-47619 CVE-2008-5110 Upstream summary: syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:21144-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-30706 CVE-2017-3523 CVE-2023-21971 CVE-2021-2471 CVE-2015-2575 CVE-2017-3589 CVE-2020-2875 Upstream summary: Unknown. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15011-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-3839 CVE-2023-26081 CVE-2022-29536 CVE-2021-45085 CVE-2021-45088 CVE-2018-11396 Upstream summary: A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15001-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-3445 Upstream summary: A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. This vulnerability allows using a crafted ZIP file containing […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15003-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-56406 CVE-2023-47039 CVE-2025-40909 CVE-2023-47038 CVE-2005-3962 CVE-2007-5116 CVE-2010-2761 CVE-2010-4410  +10 more Upstream summary: A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14996-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-0406 CVE-2025-11579 Upstream summary: A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14972-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-31492 CVE-2024-24814 CVE-2022-23527 CVE-2019-14857 CVE-2021-32785 CVE-2021-32786 Upstream summary: mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:0113-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-2592 CVE-2025-3015 CVE-2024-45679 CVE-2024-40724 CVE-2022-45748 CVE-2024-48426 CVE-2025-2152 CVE-2025-3159  +10 more Upstream summary: A vulnerability, which was classified as critical, has been found in Open Asset […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:0123-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-1860 Upstream summary: Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14937-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-30153 CVE-2026-32285 Upstream summary: kin-openapi is a Go project for handling OpenAPI files. Prior to 0.131.0, when validating a request with a multipart/form-data schema, if […]