openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2019-12400 CVE-2021-40690 Upstream summary: In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0157-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-28021 CVE-2021-42716 CVE-2021-42715 Upstream summary: Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. Table of contents Symptom […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1646-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-44540 CVE-2021-44541 CVE-2021-44542 CVE-2021-20216 CVE-2021-20217 CVE-2021-20272 CVE-2021-20273 CVE-2021-20274  +11 more Upstream summary: A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2020-29652 CVE-2021-3121 CVE-2020-3996 Upstream summary: A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory TID000020535 (see also SUSE bugzilla) Related CVEs: CVE-2021-42574 CVE-2022-21658 Upstream summary: An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1359-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-30474 CVE-2021-30475 Upstream summary: aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-34337 CVE-2025-53882 Upstream summary: An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1475-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-20294 CVE-2014-9939 CVE-2017-12448 CVE-2017-12450 CVE-2017-13757 CVE-2017-14128 CVE-2017-14129 CVE-2017-14130  +12 more Upstream summary: A flaw was found in binutils readelf 2.35 program. An attacker who is […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2024:9158 (see also SUSE bugzilla) Related CVEs: CVE-2021-43612 CVE-2026-46433 Upstream summary: In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1553-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-42771 Upstream summary: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to […]