suse — Vulnerabilities & Security Advisories 185

Browse all 185 CVE security advisories affecting suse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SUSE operates primarily as a provider of enterprise Linux distributions and cloud-native solutions, serving critical infrastructure in hybrid and multi-cloud environments. With 185 recorded CVEs, its vulnerability profile reflects the complexity of managing large-scale open-source codebases. Historically, common flaw classes include remote code execution (RCE), buffer overflows, and privilege escalation vulnerabilities, often stemming from misconfigurations or outdated dependencies within its core operating system components. Notable security characteristics involve its focus on container security and Kubernetes integration, which introduces attack surfaces related to orchestration layers. While no single catastrophic incident defines its history, the sheer volume of vulnerabilities highlights the ongoing challenge of maintaining security in widely deployed, long-term support releases. This necessitates rigorous patch management and continuous monitoring to mitigate risks associated with its extensive ecosystem of integrated services and third-party libraries.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25702 | nftables disabled due to incorrect kernel backport — SUSE Linux Enterprise Server (CWE-284) | 7.3 | High | 2026-03-05 |
| CVE-2025-62879 | Rancher Backup Operator pod's logs leak S3 tokens — Rancher (CWE-532) | 6.8 | Medium | 2026-03-04 |
| CVE-2025-62878 | Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern — Rancher (CWE-23) | 9.9 | Critical | 2026-02-25 |
| CVE-2025-67601 | Rancher CLI skips TLS verification on Rancher CLI login command — rancher (CWE-295) | 8.3 | High | 2026-02-25 |
| CVE-2025-67860 | NeuVector scanner insecurely handles passwords as command arguments — harvester (CWE-522) | 3.8 | Low | 2026-02-25 |
| CVE-2025-62877 | Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer — harvester (CWE-1188) | 9.8 | Critical | 2026-01-08 |
| CVE-2025-66001 | NeuVector OpenID Connect is vulnerable to man-in-the-middle (MITM) — neuvector (CWE-295) | 8.8 | High | 2026-01-08 |
| CVE-2025-62875 | Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock — openSUSE Tumbleweed (CWE-754) | 5.5 | - | 2025-11-20 |
| CVE-2025-62876 | LightDM KDE Greeter security vulnerability — openSUSE (CWE-250) | 7.8 | - | 2025-11-12 |
| CVE-2025-53883 | spacewalk-java has various XSS issues on search page — Container suse manager 5.0 (CWE-80) | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-53880 | susemanager-tftpsync-recv allows arbitrary file creation and deletion due to path traversal — Container suse/manager/4.3/proxy-httpd:latest (CWE-35) | 6.5 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-54471 | NeuVector is shipping cryptographic material into its binary — neuvector (CWE-321) | 6.5 | Medium | 2025-10-30 |
| CVE-2025-54469 | NeuVector Enforcer is vulnerable to Command Injection and Buffer overflow — neuvector (CWE-78) | 9.9 | Critical | 2025-10-30 |
| CVE-2025-54470 | NeuVector telemetry sender is vulnerable to MITM and DoS — neuvector (CWE-295) | 8.6 | High | 2025-10-30 |
| CVE-2024-58269 | Rancher exposes sensitive information through audit logs — rancher (CWE-532) | 4.3 | Medium | 2025-10-29 |
| CVE-2023-32199 | Rancher user retains access to clusters despite Global Role removal — rancher (CWE-281) | 4.3 | Medium | 2025-10-29 |
| CVE-2024-58260 | Rancher update on users can deny the service to the admin — rancher (CWE-863) | 7.6 | High | 2025-10-02 |
| CVE-2024-58267 | Rancher CLI SAML authentication is vulnerable to phishing attacks — rancher (CWE-345) | 8.0 | High | 2025-10-02 |
| CVE-2025-54468 | Rancher sends sensitive information to external services through the `/meta/proxy` endpoint — rancher (CWE-200) | 4.7 | Medium | 2025-10-02 |
| CVE-2025-8077 | NeuVector admin account has insecure default password — neuvector (CWE-1393) | 9.8 | Critical | 2025-09-17 |
| CVE-2025-54467 | NeuVector process with sensitive arguments lead to leakage — neuvector (CWE-522) | 5.3 | Medium | 2025-09-17 |
| CVE-2025-53884 | NeuVector has an insecure password storage vulnerable to rainbow attack — neuvector (CWE-759) | 5.3 | Medium | 2025-09-17 |
| CVE-2024-58259 | Rancher affected by unauthenticated Denial of Service — rancher (CWE-770) | 8.2 | High | 2025-09-02 |
| CVE-2024-52284 | Rancher Fleet Helm Values are stored inside BundleDeployment in plain text — Rancher (CWE-312) | 7.7 | High | 2025-09-02 |
| CVE-2025-46809 | Multi Linux Manager exposes the plain text HTTP Proxy user:password in logs — Container suse/manager/4.3/proxy-httpd:4.3.16.9.67.1 (CWE-256) | 5.7 | Medium | 2025-07-31 |
| CVE-2025-46811 | SUSE Multi Linux Manager allows code execution via unprotected websocket endpoint — Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1 (CWE-862) | 9.8 | Critical | 2025-07-30 |
| CVE-2025-53882 | The logrotate configuration in the python-mailman of openSUSE allows the mailman user to send SIGHUP to arbitrary process — openSUSE Tumbleweed (CWE-807) | 4.4 | Medium | 2025-07-23 |
| CVE-2025-23393 | Reflected XSS in spacewalk-java — Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 (CWE-80) | 5.2 | Medium | 2025-05-27 |
| CVE-2025-23392 | Reflected XSS in SystemsController.java in spacewalk-java — Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 (CWE-80) | 5.2 | Medium | 2025-05-26 |
| CVE-2025-23394 | daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root — openSUSE Tumbleweed (CWE-61) | 8.4 (AI) | High (AI) | 2025-05-26 |

This page lists every published CVE security advisory associated with suse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.