openSUSE

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:3817-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-47908 Upstream summary: Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02695-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-53367 Upstream summary: DjVuLibre is a GPL implementation of DjVu, a web-centric format for distributing documents and images. Prior to version 3.5.29, the MMRDecoder::scanruns […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03077-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-58266 CVE-2024-12224 Upstream summary: The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and xa0 characters, which may […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03025-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-7962 Upstream summary: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by utilizing the r and n UTF-8 characters to […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:17558 (see also SUSE bugzilla) Related CVEs: CVE-2025-48964 CVE-2025-47268 Upstream summary: ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory RHSA-2024:9404 (see also SUSE bugzilla) Related CVEs: CVE-2024-2236 Upstream summary: A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02448-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-0718 Upstream summary: A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03354-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-48945 Upstream summary: pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:02353-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-5278 Upstream summary: A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: openSUSE Leap 15.6 📖 ~4 min read  •  Source: SUSE advisory openSUSE-SU-2021:1525-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-41190 Upstream summary: The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution […]