openSUSE

openSUSE Tumbleweed — postorius — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-31997 CVE-2021-40347 Upstream summary: A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users […]

openSUSE Tumbleweed — snakeyaml — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3397-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-38749 CVE-2022-38750 CVE-2022-38751 CVE-2022-38752 CVE-2017-18640 CVE-2022-25857 Upstream summary: Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If […]

openSUSE Tumbleweed — phoronix-test-suite — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-0196 CVE-2022-40704 CVE-2022-0571 CVE-2022-0157 Upstream summary: phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF) […]

openSUSE Tumbleweed — libmad0 — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10169-1 (see also SUSE bugzilla) Related CVEs: CVE-2017-8373 CVE-2017-8374 Upstream summary: The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b allows remote attackers to cause a denial of service (heap-based buffer […]

openSUSE Tumbleweed — libtirpc3 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:2025-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-46828 Upstream summary: In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are […]

openSUSE Tumbleweed — EternalTerminal — multiple vulnerabilities (6 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10185-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-24949 CVE-2022-24950 CVE-2022-48257 CVE-2022-48258 CVE-2022-24951 CVE-2022-24952 Upstream summary: A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to […]

openSUSE Tumbleweed — ruby3.1-rubygem-tzinfo — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:2592-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-31163 Upstream summary: TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. […]

openSUSE Tumbleweed — wayshot — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-21299 Upstream summary: hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is […]

openSUSE Tumbleweed — pyenv — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10183-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-35861 Upstream summary: pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can […]
