openSUSE

openSUSE Tumbleweed — dpkg — multiple vulnerabilities (4 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:20766-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-2219 CVE-2025-6297 CVE-2022-1664 CVE-2015-0840 Upstream summary: It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the […]

openSUSE Tumbleweed — lxc — multiple vulnerabilities (9 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-39402 CVE-2022-47952 CVE-2015-1331 CVE-2015-1334 CVE-2015-1335 CVE-2016-8649 CVE-2017-5985 CVE-2018-6556  +1 more Upstream summary: lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete […]

openSUSE Tumbleweed — python311-django-allauth — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2025-65430 CVE-2025-65431 Upstream summary: An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user […]

openSUSE Tumbleweed — arianna — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-42095 Upstream summary: bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. Table of contents […]

openSUSE Tumbleweed — python311-pip — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-3219 CVE-2026-1703 Upstream summary: pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar […]

openSUSE Tumbleweed — python311-pytest — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1744-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-71176 Upstream summary: pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of […]

openSUSE Tumbleweed — sed — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:1659-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-5958 Upstream summary: When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the […]

openSUSE Tumbleweed — freerdp2 — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory RHSA-2026:16014 (see also SUSE bugzilla) Related CVEs: CVE-2026-26986 CVE-2026-27015 CVE-2026-27951 Upstream summary: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `rail_window_free` dereferences a freed `xfAppWindow` pointer […]

openSUSE Tumbleweed — python313-mitmproxy — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-40606 Upstream summary: mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. […]

openSUSE Tumbleweed — xdg-dbus-proxy — vulnerability — patch and remediation guide — diagnosis and fix on openSUSE Tumbleweed

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2026-34080 Upstream summary: xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks […]
