openSUSE

openSUSE Tumbleweed — xerces-j2 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0500-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-23437 Upstream summary: There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ […]

openSUSE Tumbleweed — openscad — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-0497 CVE-2022-0496 Upstream summary: A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing […]

openSUSE Tumbleweed — libvirglrenderer1 — multiple vulnerabilities (15 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0479-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-0135 CVE-2019-18389 CVE-2019-18391 CVE-2022-0175 CVE-2016-10214 CVE-2017-5937 CVE-2017-5957 CVE-2019-18388  +7 more Upstream summary: An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). […]

openSUSE Tumbleweed — kate — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0841-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-23853 Upstream summary: The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server […]

openSUSE Tumbleweed — libgda — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3016-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-39359 Upstream summary: In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to […]

openSUSE Tumbleweed — python38-scikit-learn — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14729-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-28975 Upstream summary: svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service […]

openSUSE Tumbleweed — exiftool — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2022-23935 Upstream summary: lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. […]

openSUSE Tumbleweed — sphinx — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0046-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-29050 Upstream summary: SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for […]

openSUSE Tumbleweed — polkit — multiple vulnerabilities (12 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0190-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-4034 CVE-2021-3560 CVE-2010-0750 CVE-2011-1485 CVE-2015-3255 CVE-2015-3256 CVE-2018-19788 CVE-2019-6133  +4 more Upstream summary: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec […]
