openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3707-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-41973 Upstream summary: multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3471-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-39028 Upstream summary: telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2021-28955 Upstream summary: git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the current directory in certain PATH situations (most often seen on Windows). […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14395-1 Related CVEs: CVE-2022-42003 Upstream summary: In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10153-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-37706 Upstream summary: enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:2721-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-35255 CVE-2022-32212 CVE-2022-32215 CVE-2022-35256 CVE-2022-31150 CVE-2022-35949 CVE-2022-29244 CVE-2022-32213  +4 more Upstream summary: A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:712-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-11988 Upstream summary: Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14637-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-34749 Upstream summary: In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15100-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-36087 Upstream summary: OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3331-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-40320 CVE-2018-14447 Upstream summary: cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read. Table of contents Symptom & Impact Environment & Reproduction Root […]