openSUSE Tumbleweed

openSUSE Tumbleweed — system-user-velociraptor — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2023-0242, CVE-2023-0290
Upstream summary: Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command […]

openSUSE Tumbleweed — libfastjson4 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2022:0184-1 (see also SUSE bugzilla)
Related CVEs: CVE-2020-12762
Upstream summary: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

openSUSE Tumbleweed — editorconfig — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2023:0102-1 (see also SUSE bugzilla)
Related CVEs: CVE-2023-0341, CVE-2026-40489
Upstream summary: A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to […]

openSUSE Tumbleweed — warpinator — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2022-42725
Upstream summary: Warpinator through 1.2.14 allows access outside of an intended directory, as demonstrated by symbolic directory links.

openSUSE Tumbleweed — apptainer — multiple vulnerabilities (7 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory openSUSE-SU-2024:0244-1 (see also SUSE bugzilla)
Related CVEs: CVE-2023-30549, CVE-2022-23538, CVE-2022-39237, CVE-2025-65105, CVE-2023-38496, CVE-2025-8556, CVE-2024-45310
Upstream summary: Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that […]

openSUSE Tumbleweed — element-web — multiple vulnerabilities (14 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory (see also SUSE bugzilla)
Related CVEs: CVE-2023-2251, CVE-2023-28427, CVE-2022-39236, CVE-2022-39249, CVE-2022-39250, CVE-2022-39251, CVE-2022-36059, CVE-2025-59161, +6 more
Upstream summary: Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.

openSUSE Tumbleweed — arm-trusted-firmware — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory
Related CVEs: CVE-2022-47630, CVE-2022-23960
Upstream summary: Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers […]

openSUSE Tumbleweed — libprotobuf-c1 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory SUSE-CU-2023:3915-1 (see also SUSE bugzilla)
Related CVEs: CVE-2022-48468, CVE-2022-33070
Upstream summary: protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member.

openSUSE Tumbleweed — nodejs-electron — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE security advisory
Related CVEs: CVE-2023-23623, CVE-2024-30261
Upstream summary: Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` […]

openSUSE Tumbleweed — npm18 — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High • ⏱ 15–60 min • Last verified: 25 May 2026 • Affected versions: openSUSE Tumbleweed • 📖 ~4 min read
Source: SUSE advisory SUSE-CU-2023:1176-1 (see also SUSE bugzilla)
Related CVEs: CVE-2022-25881, CVE-2023-23919, CVE-2023-23920, CVE-2023-24807, CVE-2022-43548, CVE-2023-23918
Upstream summary: This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request […]
