openSUSE Tumbleweed

openSUSE Tumbleweed — perl-Email-MIME — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2024-4140
Upstream summary: An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME […]

openSUSE Tumbleweed — python310-python-jose — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory openSUSE-SU-2024:0118-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-33663, CVE-2024-33664
Upstream summary: python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. […]

openSUSE Tumbleweed — python310-gunicorn — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory SUSE-SU-2024:1440-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-1135
Upstream summary: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers […]

openSUSE Tumbleweed — tlrc — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory openSUSE-SU-2024:0130-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-32650
Upstream summary: Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using […]

openSUSE Tumbleweed — jasper — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory SUSE-SU-2024:1396-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-31744, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8654, CVE-2016-9262, CVE-2016-9560, CVE-2020-27828, +12 more
Upstream summary: In Jasper 4.2.2, the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability, […]

openSUSE Tumbleweed — npm20 — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory SUSE-SU-2024:1301-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-27983, CVE-2024-21890, CVE-2024-21891, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2023-39331, +12 more
Upstream summary: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a […]

openSUSE Tumbleweed — kubo — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory openSUSE-SU-2024:0211-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-22189, CVE-2026-35480, CVE-2023-49295
Upstream summary: quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer […]

openSUSE Tumbleweed — python310-Pillow — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE advisory SUSE-SU-2024:1154-1 (see also SUSE bugzilla)
Related CVEs: CVE-2024-28219
Upstream summary: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. […]

openSUSE Tumbleweed — mbedtls — multiple vulnerabilities (9 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • 📖 ~4 min read
Last verified: 25 May 2026
Affected versions: openSUSE Tumbleweed
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2024-28960, CVE-2015-5291, CVE-2025-27809, CVE-2025-27810, CVE-2024-45157, CVE-2024-23170, CVE-2014-8627, CVE-2014-8628, +1 more
Upstream summary: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and […]
