SUSE — Vulnerabilities & Security Advisories (185)

Browse all 185 CVE security advisories affecting SUSE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-31247 | Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) — Rancher | CWE-285 | 9.1 | Critical | 2022-09-07 |
| CVE-2021-36783 | Rancher: Failure to properly sanitize credentials in cluster template answers — Rancher | CWE-522 | 9.9 | Critical | 2022-09-07 |
| CVE-2021-36782 | Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object — Rancher | CWE-312 | 9.9 | Critical | 2022-09-07 |
| CVE-2022-31248 | SUMA user enumeration via weak error message — SUSE Manager Server 4.1 | CWE-204 | 5.3 | Medium | 2022-06-22 |
| CVE-2022-21952 | SUMA unauthenticated remote DoS via resource exhaustion — SUSE Manager Server 4.1 | CWE-306 | 7.5 | High | 2022-06-22 |
| CVE-2022-21951 | Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden — Rancher | CWE-319 | 6.8 | Medium | 2022-05-25 |
| CVE-2022-21949 | Multiple XXE vulnerabilities in OBS — Open Build Service | CWE-611 | 8.8 | High | 2022-05-03 |
| CVE-2021-4200 | Write access to the Catalog for any user when restricted-admin role is enabled — Rancher | CWE-269 | 5.4 | Medium | 2022-05-02 |
| CVE-2021-36784 | Privilege escalation for users with create/update permissions in Global Roles — Rancher | CWE-269 | 7.2 | High | 2022-05-02 |
| CVE-2021-36778 | Exposure of repository credentials to external third-party sources — Rancher | CWE-863 | 7.3 | High | 2022-05-02 |
| CVE-2021-36776 | Steve API proxy impersonation — Rancher | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings — Rancher | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2022-21947 | rancher desktop: Dashboard API is network accessible — Rancher | CWE-668 | 8.3 | High | 2022-04-01 |
| CVE-2021-46705 | grub2-once uses fixed file name in /var/tmp — SUSE Linux Enterprise Server 15 SP4 | CWE-377 | 5.1 | Medium | 2022-03-16 |
| CVE-2021-36780 | Unauthorized data access from replicas through vulnerable instance manager pods — Longhorn | CWE-306 | 8.1 | High | 2021-12-17 |
| CVE-2021-36779 | Host operations allowed in privileged Longhorn managed pods — Longhorn | CWE-306 | 9.6 | Critical | 2021-12-17 |
| CVE-2021-32000 | clone-master-clean-up: dangerous file system operations — SUSE Linux Enterprise Server 12 SP3 | | 3.2 | Low | 2021-07-28 |
| CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token — Rancher | CWE-311 | 6.5 | Medium | 2021-07-28 |
| CVE-2019-18906 | cryptctl: client side password hashing is equivalent to clear text password storage — SUSE Linux Enterprise Server for SAP 12-SP5 | CWE-287 | 9.8 | Critical | 2021-06-30 |
| CVE-2021-25321 | arpwatch: Local privilege escalation from runtime user to root — SUSE Linux Enterprise Server 11-SP4-LTSS | CWE-61 | 7.8 | High | 2021-06-30 |
| CVE-2021-31998 | inn: %post calls user owned file allowing local privilege escalation to root — SUSE Linux Enterprise Server 11-SP3 | CWE-276 | 6.8 | Medium | 2021-06-10 |
| CVE-2021-25317 | cups: ownership of /var/log/cups allows the lp user to create files as root — SUSE Linux Enterprise Server 11-SP4-LTSS | CWE-276 | 3.3 | Low | 2021-05-05 |
| CVE-2021-25314 | hawk: Insecure file permissions — SUSE Linux Enterprise High Availability 12-SP3 | CWE-378 | 7.8 | High | 2021-04-14 |
| CVE-2021-25316 | Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools — SUSE Linux Enterprise Server 12-SP5 | CWE-377 | 3.3 | Low | 2021-04-14 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ — Rancher | CWE-79 | 7.1 | High | 2021-03-05 |
| CVE-2021-25315 | salt-api unauthenticated remote code execution — SUSE Linux Enterprise Server 15 SP 3 | CWE-287 | 9.8 | Critical | 2021-03-03 |
| CVE-2020-8027 | openldap uses fixed paths in /tmp — SUSE Linux Enterprise Server 15-LTSS | CWE-377 | 7.3 | High | 2021-02-11 |
| CVE-2020-8030 | skuba: Insecure /tmp usage when joining node to cluster — SUSE CaaS Platform 4.5 | CWE-377 | 3.6 | Low | 2021-02-11 |
| CVE-2020-8029 | skuba: Insecure handling of private key — SUSE CaaS Platform 4.5 | CWE-732 | 2.9 | Low | 2021-02-11 |
| CVE-2020-8028 | salt-api is accessible to every user on SUSE Manager Server — SUSE Linux Enterprise Module for SUSE Manager Server 4.1 | CWE-284 | 9.3 | Critical | 2020-09-17 |

This page lists every published CVE security advisory associated with SUSE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.