openSUSE

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14387-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-47554 CVE-2021-29425 Upstream summary: Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14373-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-42934 Upstream summary: OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14353-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-45405 Upstream summary: `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing paths and their conversions. Prior to […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:3771-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-43788 Upstream summary: Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2024:14375-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-34156 Upstream summary: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2023-43771 Upstream summary: In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. Table of contents Symptom & […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:3210-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-7256 CVE-2024-8006 CVE-2019-15161 CVE-2025-11961 Upstream summary: In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2024-1681 Upstream summary: corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory (see also SUSE bugzilla) Related CVEs: CVE-2024-24557 Upstream summary: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:1316-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-20093 CVE-2018-12983 CVE-2019-10723 CVE-2017-5852 CVE-2017-5853 CVE-2017-5854 CVE-2017-5855 CVE-2017-5886  +12 more Upstream summary: The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause […]