openSUSE

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:3527-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-35357 Upstream summary: A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:2776-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-2004 Upstream summary: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:3353-1 (see also SUSE bugzilla) Related CVEs: CVE-2018-21232 Upstream summary: re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. Table of contents Symptom & Impact Environment & Reproduction […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:2541-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-41409 Upstream summary: Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-IU-2023:577-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-33460 Upstream summary: There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-FU-2023:3283-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-3429 CVE-2022-2084 CVE-2023-1786 Upstream summary: When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:2570-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-38497 Upstream summary: Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:3016-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-34623 Upstream summary: An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:2503-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-2976 CVE-2020-8908 Upstream summary: Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.5 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2023:2766-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-36661 Upstream summary: Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is […]