openSUSE Tumbleweed

openSUSE Tumbleweed — libcjose0 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:3030-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-37464 Upstream summary: OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag […]

openSUSE Tumbleweed — perl-HTTP-Tiny — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0222-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-31486 CVE-2026-7010 Upstream summary: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where […]

openSUSE Tumbleweed — librabbitmq4 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:2823-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-35789 CVE-2019-18609 Upstream summary: An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered […]

openSUSE Tumbleweed — libwebp7 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:2064-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-1999 CVE-2016-8888 Upstream summary: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free […]

openSUSE Tumbleweed — libX11 — multiple vulnerabilities (16 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:2092-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-3138 CVE-2018-14600 CVE-2020-14363 CVE-2021-31535 CVE-2025-26597 CVE-2022-3555 CVE-2023-43785 CVE-2023-43786  +8 more Upstream summary: A vulnerability was found in libX11. The security flaw occurs because the functions […]

openSUSE Tumbleweed — keepass — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0157-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-32784 Upstream summary: In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace […]

openSUSE Tumbleweed — libcares2 — multiple vulnerabilities (8 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:1678-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-32067 CVE-2025-31498 CVE-2024-25629 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2022-4904 CVE-2017-1000381 Upstream summary: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a […]

openSUSE Tumbleweed — djvulibre — multiple vulnerabilities (14 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1112-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-3630 CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500 CVE-2025-53367 CVE-2021-46310  +6 more Upstream summary: An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via […]

openSUSE Tumbleweed — python39-Flask — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:1835-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-30861 Upstream summary: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for […]

openSUSE Tumbleweed — rekor — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:2210-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-30551 CVE-2026-23831 CVE-2026-24117 CVE-2023-33199 CVE-2025-29923 Upstream summary: Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due […]
