openSUSE

openSUSE Tumbleweed — python3-bandit — vulnerability — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14858-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-24439 Upstream summary: All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible […]

openSUSE Tumbleweed — libesmtp6_2_0 — vulnerability — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1235-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-19977 Upstream summary: libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read. […]

openSUSE Tumbleweed — ruby3.1-rubygem-puma — multiple vulnerabilities (4 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2021:2761-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-29509 CVE-2022-24790 CVE-2022-23634 CVE-2021-41136 Upstream summary: Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix […]

openSUSE Tumbleweed — libosip2 — multiple vulnerabilities (5 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10147-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-41550 CVE-2016-10324 CVE-2016-10325 CVE-2016-10326 CVE-2017-7853 Upstream summary: GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. […]

openSUSE Tumbleweed — sqlite3 — multiple vulnerabilities (15 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:3472-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-46908 CVE-2020-13435 CVE-2020-13871 CVE-2025-29087 CVE-2025-29088 CVE-2021-36690 CVE-2022-35737 CVE-2019-16168  +7 more Upstream summary: SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI […]

openSUSE Tumbleweed — jettison — multiple vulnerabilities (5 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:712-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-45685 CVE-2022-40150 CVE-2023-1436 CVE-2022-45693 CVE-2022-40149 Upstream summary: A stack overflow in Jettison before v1.5.2 allows attackers to cause a Denial of Service (DoS) via crafted […]

openSUSE Tumbleweed — python38-slixmpp — vulnerability — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10241-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-45197 Upstream summary: Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of […]

openSUSE Tumbleweed — testng — vulnerability — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:1690-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-4065 Upstream summary: A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar […]

openSUSE Tumbleweed — libdwarf0 — multiple vulnerabilities (2 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-34299 CVE-2022-32200 Upstream summary: There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. […]

openSUSE Tumbleweed — xterm — multiple vulnerabilities (3 CVEs) — patch and remediation guide

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:7427 (see also SUSE bugzilla) Related CVEs: CVE-2022-45063 CVE-2021-27135 CVE-2023-40359 Upstream summary: xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore […]
