openSUSE

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:0497-1 (see also SUSE bugzilla) Related CVEs: CVE-2017-17969 CVE-2016-2334 CVE-2016-2335 CVE-2016-9296 CVE-2021-3465 CVE-2015-1038 Upstream summary: Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2010-2496 CVE-2018-16877 CVE-2020-25654 CVE-2015-1867 CVE-2016-7035 CVE-2016-7797 CVE-2019-3885 Upstream summary: stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2018-12356 Upstream summary: An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:0213-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-3695 CVE-2019-3696 CVE-2024-45769 CVE-2024-45770 CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421  +1 more Upstream summary: A Improper Control of Generation of Code vulnerability in the packaging of pcp […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2014-3230 Upstream summary: The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2015-3406 CVE-2015-3407 CVE-2015-3408 CVE-2015-3409 CVE-2013-2145 Upstream summary: The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2020:1177-1 (see also SUSE bugzilla) Related CVEs: CVE-2016-9180 Upstream summary: perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3198-1 Related CVEs: CVE-2021-32610 Upstream summary: In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. Table of contents Symptom & Impact Environment […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:0675-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-14929 CVE-2021-38370 Upstream summary: Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which […]