openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-RU-2022:3275-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-21330 CVE-2023-47641 CVE-2023-49081 CVE-2024-23334 CVE-2023-47627 Upstream summary: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3103-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-31799 CVE-2020-28473 Upstream summary: Bottle before 0.12.20 mishandles errors during early request binding. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:3168-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-40217 CVE-2023-24329 CVE-2021-28861 CVE-2015-20107 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2014-1912  +12 more Upstream summary: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:4367-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-46751 CVE-2022-37865 CVE-2022-37866 Upstream summary: Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-1471 CVE-2023-3894 Upstream summary: SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2024:9413 (see also SUSE bugzilla) Related CVEs: CVE-2023-27349 CVE-2022-0204 CVE-2023-45866 CVE-2016-9918 CVE-2021-0129 CVE-2016-9917 CVE-2016-9804 CVE-2020-0556  +5 more Upstream summary: BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0219-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-32184 Upstream summary: A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:3222-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-38104 Upstream summary: GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0205-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-30577 CVE-2022-37704 CVE-2022-37705 CVE-2022-37703 Upstream summary: AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:3030-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-37464 Upstream summary: OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag […]