openSUSE

openSUSE Leap 15.5 — optipng — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0388-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-43907 Upstream summary: OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. […]

openSUSE Leap 15.5 — apache2-mod_jk — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2018:4032-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-11759 Upstream summary: The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache […]

openSUSE Leap 15.5 — jhead — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10178-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-41751 Upstream summary: Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing them in a JPEG filename and then using the regeneration […]

openSUSE Leap 15.5 — vlc — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:2947-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-37434 CVE-2022-41325 CVE-2023-5217 Upstream summary: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip […]

openSUSE Leap 15.5 — apache-ivy — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:4367-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-46751 Upstream summary: Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue […]

openSUSE Leap 15.5 — virtualbox — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2023:0351-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-22098 CVE-2023-22099 CVE-2023-22100 Upstream summary: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior […]

openSUSE Leap 15.5 — libsndfile1 — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:4330-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-33065 Upstream summary: Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an […]

openSUSE Leap 15.5 — python311-Werkzeug — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:4288-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-46136 CVE-2024-49767 Upstream summary: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF […]

openSUSE Leap 15.5 — vorbis-tools — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:4218-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-43361 Upstream summary: Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during […]

openSUSE Leap 15.5 — libvmtools0 — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Leap 15.5

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:4227-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-34058 CVE-2023-34059 CVE-2023-20900 CVE-2023-20867 Upstream summary: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation […]
