suse — Vulnerabilities & Security Advisories 185

Browse all 185 CVE security advisories affecting suse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SUSE operates primarily as a provider of enterprise Linux distributions and cloud-native solutions, serving critical infrastructure in hybrid and multi-cloud environments. With 185 recorded CVEs, its vulnerability profile reflects the complexity of managing large-scale open-source codebases. Historically, common flaw classes include remote code execution (RCE), buffer overflows, and privilege escalation vulnerabilities, often stemming from misconfigurations or outdated dependencies within its core operating system components. Notable security characteristics involve its focus on container security and Kubernetes integration, which introduces attack surfaces related to orchestration layers. While no single catastrophic incident defines its history, the sheer volume of vulnerabilities highlights the ongoing challenge of maintaining security in widely deployed, long-term support releases. This necessitates rigorous patch management and continuous monitoring to mitigate risks associated with its extensive ecosystem of integrated services and third-party libraries.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-32188 | JWT token compromise can allow malicious actions including Remote Code Execution (RCE) | neuvector | CWE-1270 | 9.8 (AI) | Critical (AI) | 2024-10-16 |
| CVE-2023-22650 | Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider | rancher | CWE-287 | 8.8 | High | 2024-10-16 |
| CVE-2023-22649 | Rancher 'Audit Log' leaks sensitive information | rancher | CWE-532 | 8.4 | High | 2024-10-16 |
| CVE-2023-22644 | JWT token compromise can allow malicious actions including Remote Code Execution (RCE) | neuvector | CWE-1270 | 7.5 | - | 2023-09-20 |
| CVE-2023-32182 | SUSE Linux Enterprise Desktop link following vulnerability | SUSE Linux Enterprise Desktop 15 SP5 | CWE-59 | 5.9 | Medium | 2023-09-19 |
| CVE-2023-32186 | RKE2 security vulnerability | RKE2 | CWE-770 | 7.5 | High | 2023-09-19 |
| CVE-2023-32187 | SUSE Rancher K3s security vulnerability | k3s | CWE-770 | 7.5 | High | 2023-09-18 |
| CVE-2022-43760 | Rancher Labs Rancher cross-site scripting vulnerability | Rancher | CWE-79 | 8.4 | High | 2023-06-01 |
| CVE-2023-22647 | Rancher Labs Rancher security vulnerability | Rancher | CWE-267 | 9.9 | Critical | 2023-06-01 |
| CVE-2023-22648 | Rancher Labs Rancher security vulnerability | Rancher | CWE-271 | 8.0 | High | 2023-06-01 |
| CVE-2023-22651 | Rancher security vulnerability | Rancher | CWE-269 | 9.9 | Critical | 2023-05-04 |
| CVE-2023-22645 | kubewarden: Excessive permissions for kubewarden-controller-manager-cluster-role | kubewarden | CWE-269 | 8.0 | High | 2023-04-19 |
| CVE-2022-45155 | obs-service-go_modules: arbitrary directory delete | openSUSE Factory | CWE-755 | 5.5 | Medium | 2023-03-15 |
| CVE-2022-45154 | supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh | SUSE Linux Enterprise Server 12 | CWE-312 | 4.4 | Medium | 2023-02-15 |
| CVE-2022-45153 | saphanabootstrap-formula: Escalation to root for arbitrary users in hana/ha_cluster.sls | SUSE Linux Enterprise Module for SAP Applications 15-SP1 | CWE-276 | 7.0 | High | 2023-02-15 |
| CVE-2022-31249 | [RANCHER] OS command injection in Rancher and Fleet | Rancher | CWE-78 | 7.5 | High | 2023-02-07 |
| CVE-2022-31254 | rmt-server-pubcloud allows to escalate from user _rmt to root | SUSE Linux Enterprise Server for SAP 15 | CWE-276 | 7.8 | High | 2023-02-07 |
| CVE-2022-21953 | Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster | Rancher | CWE-862 | 7.4 | High | 2023-02-07 |
| CVE-2022-43755 | Rancher: Non-random authentication token | Rancher | CWE-331 | 7.1 | High | 2023-02-07 |
| CVE-2022-43757 | Rancher: Exposure of sensitive fields | Rancher | CWE-312 | 9.9 | Critical | 2023-02-07 |
| CVE-2023-22643 | libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.system` calls | SUSE Linux Enterprise Server for SAP 15-SP3 | CWE-78 | 6.3 | Medium | 2023-02-07 |
| CVE-2022-43759 | Rancher: Privilege escalation via promoted roles | Rancher | CWE-269 | 7.2 | High | 2023-02-07 |
| CVE-2022-43758 | Rancher: Command injection in Git package | Rancher | CWE-78 | 7.6 | High | 2023-02-07 |
| CVE-2022-43756 | Rancher/Wrangler: Denial of service when processing Git credentials | Rancher | CWE-74 | 5.9 | Medium | 2023-02-07 |
| CVE-2022-43754 | SUMA/UYUNI reflected cross site scripting in /rhn/audit/scap/Search.do | SUSE Linux Enterprise Module for SUSE Manager Server 4.2 | CWE-79 | 2.6 | Low | 2022-11-10 |
| CVE-2022-43753 | SUMA/UYUNI arbitrary file disclosure vulnerability in ScapResultDownload | SUSE Linux Enterprise Module for SUSE Manager Server 4.2 | CWE-22 | 4.3 | Medium | 2022-11-10 |
| CVE-2022-31255 | SUMA/UYUNI directory path traversal vulnerability in CobblerSnipperViewAction | SUSE Linux Enterprise Module for SUSE Manager Server 4.2 | CWE-22 | 4.3 | Medium | 2022-11-10 |
| CVE-2022-31256 | sendmail: mail to root privilege escalation via sm-client.pre script | openSUSE Factory | CWE-59 | 7.7 | High | 2022-10-26 |
| CVE-2022-31252 | permissions: chkstat does not check for group-writable parent directories or target files in safeOpen() | SUSE Linux Enterprise Server 12-SP5 | CWE-863 | 4.4 | Medium | 2022-10-06 |
| CVE-2022-31251 | slurm: %post for slurm-testsuite operates as root in user owned directory | openSUSE Factory | CWE-276 | 6.5 | Medium | 2022-09-07 |

This page lists every published CVE security advisory associated with suse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.