suse — Vulnerabilities & Security Advisories 194

Browse all 194 CVE security advisories affecting suse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SUSE operates primarily as a provider of enterprise Linux distributions and cloud-native solutions, serving critical infrastructure in hybrid and multi-cloud environments. With 185 recorded CVEs, its vulnerability profile reflects the complexity of managing large-scale open-source codebases. Historically, common flaw classes include remote code execution (RCE), buffer overflows, and privilege escalation vulnerabilities, often stemming from misconfigurations or outdated dependencies within its core operating system components. Notable security characteristics involve its focus on container security and Kubernetes integration, which introduces attack surfaces related to orchestration layers. While no single catastrophic incident defines its history, the sheer volume of vulnerabilities highlights the ongoing challenge of maintaining security in widely deployed, long-term support releases. This necessitates rigorous patch management and continuous monitoring to mitigate risks associated with its extensive ecosystem of integrated services and third-party libraries.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-25317 | cups: ownership of /var/log/cups allows the lp user to create files as root | SUSE Linux Enterprise Server 11-SP4-LTSS | CWE-276 | 3.3 | Low | 2021-05-05 |
| CVE-2021-25314 | hawk: Insecure file permissions | SUSE Linux Enterprise High Availability 12-SP3 | CWE-378 | 7.8 | High | 2021-04-14 |
| CVE-2021-25316 | Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools | SUSE Linux Enterprise Server 12-SP5 | CWE-377 | 3.3 | Low | 2021-04-14 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ | Rancher | CWE-79 | 7.1 | High | 2021-03-05 |
| CVE-2021-25315 | salt-api unauthenticated remote code execution | SUSE Linux Enterprise Server 15 SP 3 | CWE-287 | 9.8 | Critical | 2021-03-03 |
| CVE-2020-8027 | openldap uses fixed paths in /tmp | SUSE Linux Enterprise Server 15-LTSS | CWE-377 | 7.3 | High | 2021-02-11 |
| CVE-2020-8030 | skuba: Insecure /tmp usage when joining node to cluster | SUSE CaaS Platform 4.5 | CWE-377 | 3.6 | Low | 2021-02-11 |
| CVE-2020-8029 | skuba: Insecure handling of private key | SUSE CaaS Platform 4.5 | CWE-732 | 2.9 | Low | 2021-02-11 |
| CVE-2020-8028 | salt-api is accessible to every user on SUSE Manager Server | SUSE Linux Enterprise Module for SUSE Manager Server 4.1 | CWE-284 | 9.3 | Critical | 2020-09-17 |
| CVE-2020-8023 | Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2 | SUSE Enterprise Storage 5 | CWE-349 | 7.7 | High | 2020-09-01 |
| CVE-2020-8025 | outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues | SUSE Linux Enterprise Server 12-SP4 | CWE-279 | 6.1 | Medium | 2020-08-07 |
| CVE-2019-3681 | osc: stores downloaded (supposed) RPM in network-controlled filesystem paths | SUSE Linux Enterprise Module for Development Tools 15 | CWE-73 | 7.5 | High | 2020-06-29 |
| CVE-2020-8019 | syslog-ng: Local privilege escalation from new to root in %post | SUSE Linux Enterprise Debuginfo 11-SP3 | CWE-61 | 7.7 | High | 2020-06-29 |
| CVE-2020-8022 | User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges | SUSE Enterprise Storage 5 | CWE-276 | 7.7 | High | 2020-06-29 |
| CVE-2020-8018 | User owned /etc in SLES15-SP1-CHOST-BYOS | SUSE Linux Enterprise Server 15 SP1 | CWE-276 | 8.4 | High | 2020-05-04 |
| CVE-2019-18905 | Deprecated functionality in autoyast2 automatically imports gpg keys without checking them | SUSE Linux Enterprise Server 12 | CWE-345 | 4.8 | Medium | 2020-04-03 |
| CVE-2019-18904 | Migration requests can cause DoS on rmt | SUSE Linux Enterprise High Performance Computing 15-ESPOS | CWE-400 | 6.5 | Medium | 2020-04-03 |
| CVE-2018-17954 | crowbar provision leaks admin password to all nodes in cleartext | SUSE OpenStack Cloud 7 | CWE-269 | 9.3 | Critical | 2020-04-03 |
| CVE-2020-8017 | race condition on texlive-filesystem cron job allows for the deletion of unintended files | SUSE Linux Enterprise Module for Desktop Applications 15-SP1 | CWE-367 | 6.2 | Medium | 2020-04-02 |
| CVE-2020-8016 | race condition in the packaging of texlive-filesystem | SUSE Linux Enterprise Module for Desktop Applications 15-SP1 | CWE-367 | 4.9 | Medium | 2020-04-02 |
| CVE-2019-3696 | pcp: Local privilege escalation from user pcp to root through migrate_tempdirs | SUSE Linux Enterprise High Performance Computing 15-ESPOS | CWE-22 | 8.4 | High | 2020-03-03 |
| CVE-2019-3695 | pcp: Local privilege escalation from user pcp to root | SUSE Linux Enterprise High Performance Computing 15-ESPOS | CWE-94 | 8.4 | High | 2020-03-03 |
| CVE-2019-18903 | wicked: Use-after-free when receiving invalid DHCP6 IA_PD option | SUSE Linux Enterprise Server 12 | CWE-416 | 7.5 | High | 2020-03-02 |
| CVE-2019-18902 | wicked: Use-after-free when receiving invalid DHCP6 client options | SUSE Linux Enterprise Server 12 | CWE-416 | 7.5 | High | 2020-03-02 |
| CVE-2020-8013 | permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim | SUSE Linux Enterprise Server 12 | CWE-59 | 2.2 | Low | 2020-03-02 |
| CVE-2019-18901 | mysql-systemd-helper allows setting 640 permissions of arbitrary files | SUSE Linux Enterprise Server 12 | CWE-59 | 5.1 | Medium | 2020-03-02 |
| CVE-2019-18897 | Local privilege escalation from user salt to root | SUSE Linux Enterprise Server 12 | CWE-59 | 8.4 | High | 2020-03-02 |
| CVE-2019-3698 | nagios cron job allows privilege escalation from user nagios to root | SUSE Linux Enterprise Server 12 | CWE-59 | 5.7 | Medium | 2020-02-28 |
| CVE-2017-14806 | Insecure handling of repodata and packages in SUSE Studio onsite | Studio onsite | CWE-295 | 3.7 | Low | 2020-01-27 |
| CVE-2017-14807 | SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite | Studio onsite | CWE-89 | 8.1 | High | 2020-01-27 |

This page lists every published CVE security advisory associated with suse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.