openSUSE

openSUSE Tumbleweed — ruby3.1-rubygem-activerecord — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15112-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-22794 CVE-2022-32224 CVE-2022-44566 Upstream summary: A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed […]

openSUSE Tumbleweed — ruby3.1-rubygem-activesupport — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:0275-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-22796 Upstream summary: A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can […]

openSUSE Tumbleweed — ruby3.1-rubygem-loofah — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15120-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-23514 CVE-2022-23516 CVE-2022-23515 Upstream summary: Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < […]

openSUSE Tumbleweed — ruby3.1-rubygem-rails-html-sanitizer — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15125-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-23518 CVE-2022-23519 CVE-2022-23517 CVE-2022-23520 CVE-2022-32209 Upstream summary: rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to […]

openSUSE Tumbleweed — bitwarden — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2022-0355 Upstream summary: Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. […]

openSUSE Tumbleweed — go1.18 — multiple vulnerabilities (11 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:1897-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-41724 CVE-2022-41723 CVE-2022-41717 CVE-2022-41720 CVE-2022-2879 CVE-2022-2880 CVE-2022-27664 CVE-2022-41725  +3 more Upstream summary: Large handshake records may cause panics in crypto/tls. Both clients and servers may […]

openSUSE Tumbleweed — gssntlmssp — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0048-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-25565 CVE-2023-25566 CVE-2023-25567 CVE-2023-25563 CVE-2023-25564 Upstream summary: GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an […]

openSUSE Tumbleweed — python38-Django — multiple vulnerabilities (11 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0075-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-24580 CVE-2023-23969 CVE-2022-41323 CVE-2022-36359 CVE-2022-34265 CVE-2022-28346 CVE-2022-28347 CVE-2022-23833  +3 more Upstream summary: An issue was discovered in the Multipart Request Parser in Django 3.2 before […]

openSUSE Tumbleweed — ceph — multiple vulnerabilities (20 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:796-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-0670 CVE-2022-3650 CVE-2020-25660 CVE-2020-27781 CVE-2018-10861 CVE-2018-1128 CVE-2019-10222 CVE-2019-3821  +12 more Upstream summary: A flaw was found in Openstack manilla owning a Ceph File system "share", […]

openSUSE Tumbleweed — pesign — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:0484-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-3560 Upstream summary: A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit […]
