SUSE — Vulnerabilities & Security Advisories 185

Browse all 185 CVE security advisories affecting SUSE. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2019-3683 | keystone_json_assignment backend granted access to any project for users in user-project-map.json — SUSE Openstack Cloud 8 | CWE-732 | 8.8 | High | 2020-01-17 |
| CVE-2019-3682 | Insecure API port exposed to all Master Node guest containers — SUSE CaaS Platform 3.0 | CWE-668 | 8.4 | High | 2020-01-17 |
| CVE-2019-3690 | chkstat follows untrusted symbolic links — permissions | CWE-59 | 6.8 | Medium | 2019-12-05 |
| CVE-2019-10220 | Linux kernel path traversal vulnerability — kernel: | CWE-22 | 8.8 | - | 2019-11-27 |
| CVE-2019-3688 | squid: /usr/sbin/pinger packaged with wrong permission — SUSE Linux Enterprise Server 15 | CWE-276 | 5.1 | Medium | 2019-10-07 |
| CVE-2019-3689 | nfs-utils: root-owned files stored in insecure /var/lib/nfs directory — SUSE Linux Enterprise Server 12 | CWE-276 | 5.1 | Medium | 2019-09-19 |
| CVE-2019-3684 | susemanager installer creates world-readable swap files — SUSE Manager | CWE-922 | 5.9 | - | 2019-05-13 |
| CVE-2018-17955 | Static tempfile name allows overwriting of arbitrary files — yast2-multipath | CWE-377 | 5.5 | - | 2019-03-15 |
| CVE-2018-17956 | Password exposed in process listing — yast2-samba-provision | CWE-200 | 7.8 | - | 2019-03-15 |
| CVE-2018-20106 | SMB printer settings don't escape characters in passwords properly — yast2-printer | CWE-78 | 8.1 | - | 2019-03-15 |
| CVE-2018-19636 | Local root exploit via inclusion of attacker controlled shell script — supportutils | CWE-306 | 7.8 | - | 2019-03-05 |
| CVE-2018-19637 | Static temporary filename allows overwriting of files — supportutils | CWE-377 | 5.5 | - | 2019-03-05 |
| CVE-2018-19638 | User can overwrite arbitrary log files in support tar — supportutils | CWE-377 | 5.5 | - | 2019-03-05 |
| CVE-2018-19639 | Code execution if run with command line switch -v — supportutils | CWE-78 | 8.4 | - | 2019-03-05 |
| CVE-2018-19640 | Code execution if run with command line switch -v — supportutils | CWE-377 | 5.5 | - | 2019-03-05 |
| CVE-2018-17957 | yast2-rmt leaks database passwords in process list — yast2-rmt | CWE-214 | 7.8 | - | 2018-12-26 |
| CVE-2018-17953 | pam_access does not handle netmask matches correctly — pam | CWE-284 | 7.7 | - | 2018-11-27 |
| CVE-2018-7685 | libzypp does not reevaluate malicious rpms once downloaded — libzypp | CWE-358 | 9.8 | - | 2018-08-31 |
| CVE-2011-4183 | open build service allows anyone to upload rpms — open build service | CWE-862 | 9.8 | - | 2018-06-13 |
| CVE-2011-4181 | open build service information leak via unauthorized source access — open build service | CWE-284 | 7.5 | - | 2018-06-11 |
| CVE-2011-4190 | Missing verification of host key for kdump server — kdump | CWE-306 | 5.3 | - | 2018-06-08 |
| CVE-2012-0433 | insecure permissions on files containing confidential data — crowbar | CWE-732 | 5.5 | - | 2018-06-08 |
| CVE-2011-3172 | unix2_chkpwd do not check for a valid account — SUSE Linux Enterprise | CWE-304 | 9.8 | - | 2018-06-08 |
| CVE-2011-0467 | SQL injection in SUSE studio via select parameter — SUSE Studio Onsite | CWE-89 | 8.8 | - | 2018-06-07 |
| CVE-2015-0796 | open build service source server symlink exploitation via source patch — open build service | | 7.7 | - | 2018-03-02 |
| CVE-2017-14798 | local privilege escalation in SUSE postgresql init script — postgresql-init | | 7.0 | - | 2018-03-01 |
| CVE-2017-14804 | package builds could use directory traversal to write outside of target area — build | | 9.1 | - | 2018-03-01 |
| CVE-2017-7435 | libzypp accepts unsigned 3rd party repo without warning — libzypp | | 8.1 | - | 2018-03-01 |
| CVE-2017-7436 | libzypp accepts unsigned packages even when configured to check signatures — libzypp | | 8.1 | - | 2018-03-01 |
| CVE-2017-9268 | open-build-service retrigger / wipebinaries hitting the wrong project bypassing access permissions — open build service | | 6.5 | - | 2018-03-01 |

This page lists every published CVE security advisory associated with SUSE. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.