suse — Vulnerabilities & Security Advisories 185

Browse all 185 CVE security advisories affecting suse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SUSE operates primarily as a provider of enterprise Linux distributions and cloud-native solutions, serving critical infrastructure in hybrid and multi-cloud environments. With 185 recorded CVEs, its vulnerability profile reflects the complexity of managing large-scale open-source codebases. Historically, common flaw classes include remote code execution (RCE), buffer overflows, and privilege escalation vulnerabilities, often stemming from misconfigurations or outdated dependencies within its core operating system components. Notable security characteristics involve its focus on container security and Kubernetes integration, which introduces attack surfaces related to orchestration layers. While no single catastrophic incident defines its history, the sheer volume of vulnerabilities highlights the ongoing challenge of maintaining security in widely deployed, long-term support releases. This necessitates rigorous patch management and continuous monitoring to mitigate risks associated with its extensive ecosystem of integrated services and third-party libraries.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-46802 | Temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen — SUSE Linux Enterprise Micro 5.3 | 6.0 | Medium | 2025-05-26 |
| CVE-2023-32197 | Rancher's External RoleTemplates can lead to privilege escalation — rancher (CWE-269) | 6.6 | Medium | 2025-04-16 |
| CVE-2024-22036 | Rancher Remote Code Execution via Cluster/Node Drivers — rancher (CWE-269) | 9.1 | Critical | 2025-04-16 |
| CVE-2024-52281 | Stored Cross-site Scripting vulnerability in Rancher UI — rancher (CWE-79) | 8.9 | High | 2025-04-16 |
| CVE-2024-52280 | Users can issue watch commands for arbitrary resources — rancher (CWE-200) | 7.7 | High | 2025-04-11 |
| CVE-2024-52282 | Rancher Helm Applications may have sensitive values leaked — rancher (CWE-200) | 6.2 | Medium | 2025-04-11 |
| CVE-2025-23387 | Rancher's SAML-based login via CLI can be denied by unauthenticated users — rancher (CWE-200) | 5.3 | Medium | 2025-04-11 |
| CVE-2025-23388 | Unauthenticated stack overflow in /v3-public/authproviders API — rancher (CWE-121) | 8.2 | High | 2025-04-11 |
| CVE-2025-23389 | Rancher does not Properly Validate Account Bindings in SAML Authentication Enables User Impersonation on First Login — rancher (CWE-284) | 8.4 | High | 2025-04-11 |
| CVE-2025-23391 | Rancher: Restricted Administrator can change Administrator's passwords — rancher (CWE-266) | 9.1 | Critical | 2025-04-11 |
| CVE-2025-23386 | gerbera: Privilege escalation from user gerbera to root because of insecure %post script — openSUSE Tumbleweed (CWE-276) | 7.8 | High | 2025-04-10 |
| CVE-2024-22037 | Database password leaked by systemd uyuni-server-attestation service — SUSE Manager Server 5.0 (CWE-497) | 5.5 | Medium | 2024-11-28 |
| CVE-2024-22038 | DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge — openSUSE Factory (CWE-59) | 7.3 | High | 2024-11-28 |
| CVE-2024-49502 | Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web — Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 (CWE-79) | 3.5 | Low | 2024-11-28 |
| CVE-2024-49503 | Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web — Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 (CWE-79) | 3.5 | Low | 2024-11-28 |
| CVE-2024-52283 | SUSE hackweek cross-site scripting vulnerability — hackweek (CWE-79) | 5.7 | Medium | 2024-11-28 |
| CVE-2024-49504 | grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images — openSUSE Tumbleweed | 4.9 (AI) | Medium (AI) | 2024-11-13 |
| CVE-2022-45157 | Exposure of vSphere's CPI and CSI credentials in Rancher — rancher (CWE-522) | 9.1 | Critical | 2024-11-13 |
| CVE-2023-32189 | Insecure handling SSH key in SUSE Manager when bootstrapping new clients — SUSE Manager Server Module 4.3 | 5.9 | Medium | 2024-10-16 |
| CVE-2024-22034 | Crafted projects can overwrite special files in the .osc config directory — SUSE Linux Enterprise Desktop 15 SP5 | 5.5 | Medium | 2024-10-16 |
| CVE-2024-22033 | obs-service-download_url is vulnerable to argument injection — SUSE Package Hub 15 SP5 (CWE-78) | 6.3 | Medium | 2024-10-16 |
| CVE-2024-22032 | Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec — rancher (CWE-200) | 6.5 | Medium | 2024-10-16 |
| CVE-2024-22030 | Rancher agents can be hijacked by taking over the Rancher Server URL — rancher (CWE-295) | 8.0 | High | 2024-10-16 |
| CVE-2024-22029 | tomcat packaging allows for escalation to root from tomcat user — Container suse/manager/5.0/x86_64/server:5.0.0-beta1.2.122 (CWE-732) | 7.8 | High | 2024-10-16 |
| CVE-2023-32196 | Rancher's External RoleTemplates can lead to privilege escalation — rancher (CWE-269) | 6.6 | Medium | 2024-10-16 |
| CVE-2023-32194 | Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' — rancher (CWE-269) | 7.2 | High | 2024-10-16 |
| CVE-2023-32193 | Norman API Cross-site Scripting Vulnerability — norman (CWE-80) | 8.3 | High | 2024-10-16 |
| CVE-2023-32192 | Rancher API Server Cross-site Scripting Vulnerability — apiserver (CWE-80) | 8.3 | High | 2024-10-16 |
| CVE-2023-32191 | rke's credentials are stored in the RKE1 Cluster state ConfigMap — rke (CWE-922) | 9.9 | Critical | 2024-10-16 |
| CVE-2023-32190 | mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable — openSUSE Tumbleweed | 6.5 | - | 2024-10-16 |

This page lists every published CVE security advisory associated with suse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.