openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:0777-1 Related CVEs: CVE-2022-44729 CVE-2022-41704 CVE-2022-42890 CVE-2022-44730 CVE-2020-11987 CVE-2022-38398 CVE-2022-38648 CVE-2022-40146  +1 more Upstream summary: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2024-27454 Upstream summary: orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents. Table of contents Symptom & Impact Environment & […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:0146-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-46009 CVE-2023-36193 Upstream summary: gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. Table of contents Symptom & Impact […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2024:8117 (see also SUSE bugzilla) Related CVEs: CVE-2023-48161 CVE-2018-11490 CVE-2026-23868 CVE-2019-15133 CVE-2015-7555 CVE-2016-3977 CVE-2021-40633 Upstream summary: Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14811-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-25126 CVE-2024-26141 CVE-2024-26146 Upstream summary: Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack's media type parser to […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:0726-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-25710 CVE-2024-26308 CVE-2019-12402 CVE-2021-35515 CVE-2021-35516 CVE-2021-35517 CVE-2021-36090 Upstream summary: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14571-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-23653 CVE-2024-23651 CVE-2023-28840 CVE-2021-43565 CVE-2014-8178 CVE-2014-8179 CVE-2014-9356 CVE-2014-9357  +12 more Upstream summary: BuildKit is a toolkit for converting source code to build artifacts in an […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:0047-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-25442 CVE-2024-25445 CVE-2007-5200 Upstream summary: An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:2584-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-24575 CVE-2024-24574 CVE-2023-22742 CVE-2016-10128 CVE-2016-10130 CVE-2016-8568 CVE-2016-8569 CVE-2018-10887  +1 more Upstream summary: libgit2 is a portable C implementation of the Git core methods provided as […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-45139 Upstream summary: fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which […]