openSUSE

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14527-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-49393 CVE-2024-49394 Upstream summary: In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14528-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-52804 Upstream summary: Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14486-1 Related CVEs: CVE-2021-21367 Upstream summary: Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running (in […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:3526-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-45913 CVE-2023-45919 CVE-2023-45922 CVE-2019-5068 Upstream summary: Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2023-50570 Upstream summary: An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14474-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-45614 Upstream summary: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14479-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-41128 CVE-2024-47887 CVE-2024-47888 CVE-2024-47889 CVE-2024-26143 CVE-2024-34341 Upstream summary: Action Pack is a framework for handling and responding to web requests. Starting in version 3.1.0 and […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14443-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-50602 Upstream summary: An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14401-1 Related CVEs: CVE-2024-23709 Upstream summary: In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:4054-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-28168 Upstream summary: Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. […]