openSUSE

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2025:15096-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-3102 Upstream summary: Unknown. Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis Quick Triage Step-by-Step Diagnosis Solution – Primary Fix Solution […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:3027-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-36033 Upstream summary: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:0803-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-19787 CVE-2021-43818 Upstream summary: An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE security advisory Related CVEs: CVE-2022-27665 CVE-2020-26290 Upstream summary: Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10159-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-2652 Upstream summary: Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3496-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-42523 CVE-2011-4349 Upstream summary: There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10230-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-35133 Upstream summary: A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2022:10128-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-31252 CVE-2019-3687 CVE-2019-3690 CVE-2020-8013 CVE-2019-3688 Upstream summary: A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:2423-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-36113 CVE-2022-36114 Upstream summary: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Tumbleweed 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3561-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-2469 Upstream summary: GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client Table of contents Symptom & Impact Environment & Reproduction Root Cause Analysis […]