openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-28686 Upstream summary: Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-28154 Upstream summary: Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-22484 CVE-2023-22486 Upstream summary: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:0013-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-47021 Upstream summary: A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:1967-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-26484 CVE-2025-64433 CVE-2024-33394 CVE-2025-64437 Upstream summary: KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:1458-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-25577 Upstream summary: Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0096-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-1350 CVE-2005-4791 Upstream summary: A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:2292-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-25749 Upstream summary: Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. Table of contents Symptom & Impact […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:1494-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-1017 CVE-2021-3746 CVE-2026-21444 CVE-2025-49133 CVE-2023-1018 CVE-2021-3623 CVE-2021-3446 CVE-2021-3505 Upstream summary: An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:0442-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-22792 CVE-2023-22795 CVE-2023-22797 CVE-2022-23633 CVE-2021-22942 CVE-2021-44528 Upstream summary: A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in […]