openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2021:2927-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-32740 Upstream summary: Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1439-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-21532 CVE-2020-21533 CVE-2020-21534 CVE-2020-21680 CVE-2020-21681 CVE-2020-21682 CVE-2020-21683 CVE-2025-46397  +12 more Upstream summary: fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:1678-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-28491 Upstream summary: This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:14697-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-41098 CVE-2019-5477 Upstream summary: Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1536-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-32765 CVE-2020-7105 Upstream summary: Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnurable to integer overflow if […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:0760-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-3520 CVE-2019-17543 Upstream summary: There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2021-25322 CVE-2021-33038 CVE-2021-35057 Upstream summary: A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:1873-1 (see also SUSE bugzilla) Related CVEs: CVE-2015-5262 CVE-2012-5783 CVE-2014-3577 Upstream summary: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:3384-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-11797 CVE-2021-27807 CVE-2026-3392 CVE-2026-33929 CVE-2016-2175 CVE-2018-8036 CVE-2021-27906 Upstream summary: In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can […]