suse — Vulnerabilities & Security Advisories (185)

Browse all 185 CVE security advisories affecting suse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SUSE operates primarily as a provider of enterprise Linux distributions and cloud-native solutions, serving critical infrastructure in hybrid and multi-cloud environments. With 185 recorded CVEs, its vulnerability profile reflects the complexity of managing large-scale open-source codebases. Historically, common flaw classes include remote code execution (RCE), buffer overflows, and privilege escalation vulnerabilities, often stemming from misconfigurations or outdated dependencies within its core operating system components. Notable security characteristics involve its focus on container security and Kubernetes integration, which introduces attack surfaces related to orchestration layers. While no single catastrophic incident defines its history, the sheer volume of vulnerabilities highlights the ongoing challenge of maintaining security in widely deployed, long-term support releases. This necessitates rigorous patch management and continuous monitoring to mitigate risks associated with its extensive ecosystem of integrated services and third-party libraries.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-31247 | Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB) | Rancher | CWE-285 | 9.1 | Critical | 2022-09-07 |
| CVE-2021-36783 | Rancher: Failure to properly sanitize credentials in cluster template answers | Rancher | CWE-522 | 9.9 | Critical | 2022-09-07 |
| CVE-2021-36782 | Rancher: Plaintext storage and exposure of credentials in Rancher API and cluster.management.cattle.io object | Rancher | CWE-312 | 9.9 | Critical | 2022-09-07 |
| CVE-2022-31248 | SUMA user enumeration via weak error message | SUSE Manager Server 4.1 | CWE-204 | 5.3 | Medium | 2022-06-22 |
| CVE-2022-21952 | SUMA unauthenticated remote DoS via resource exhaustion | SUSE Manager Server 4.1 | CWE-306 | 7.5 | High | 2022-06-22 |
| CVE-2022-21951 | Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden | Rancher | CWE-319 | 6.8 | Medium | 2022-05-25 |
| CVE-2022-21949 | Multiple XXE vulnerabilities in OBS | Open Build Service | CWE-611 | 8.8 | High | 2022-05-03 |
| CVE-2021-4200 | Write access to the Catalog for any user when restricted-admin role is enabled | Rancher | CWE-269 | 5.4 | Medium | 2022-05-02 |
| CVE-2021-36784 | Privilege escalation for users with create/update permissions in Global Roles | Rancher | CWE-269 | 7.2 | High | 2022-05-02 |
| CVE-2021-36778 | Exposure of repository credentials to external third-party sources | Rancher | CWE-863 | 7.3 | High | 2022-05-02 |
| CVE-2021-36776 | Steve API proxy impersonation | Rancher | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2021-36775 | Deleting PRTBs associated to a group doesn't cause deletion of corresponding RoleBindings | Rancher | CWE-284 | 8.8 | High | 2022-04-01 |
| CVE-2022-21947 | rancher desktop: Dashboard API is network accessible | Rancher | CWE-668 | 8.3 | High | 2022-04-01 |
| CVE-2021-46705 | grub2-once uses fixed file name in /var/tmp | SUSE Linux Enterprise Server 15 SP4 | CWE-377 | 5.1 | Medium | 2022-03-16 |
| CVE-2021-36780 | Unauthorized data access from replicas through vulnerable instance manager pods | Longhorn | CWE-306 | 8.1 | High | 2021-12-17 |
| CVE-2021-36779 | Host operations allowed in privileged Longhorn managed pods | Longhorn | CWE-306 | 9.6 | Critical | 2021-12-17 |
| CVE-2021-32000 | clone-master-clean-up: dangerous file system operations | SUSE Linux Enterprise Server 12 SP3 | | 3.2 | Low | 2021-07-28 |
| CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token | Rancher | CWE-311 | 6.5 | Medium | 2021-07-28 |
| CVE-2019-18906 | cryptctl: client side password hashing is equivalent to clear text password storage | SUSE Linux Enterprise Server for SAP 12-SP5 | CWE-287 | 9.8 | Critical | 2021-06-30 |
| CVE-2021-25321 | arpwatch: Local privilege escalation from runtime user to root | SUSE Linux Enterprise Server 11-SP4-LTSS | CWE-61 | 7.8 | High | 2021-06-30 |
| CVE-2021-31998 | inn: %post calls user owned file allowing local privilege escalation to root | SUSE Linux Enterprise Server 11-SP3 | CWE-276 | 6.8 | Medium | 2021-06-10 |
| CVE-2021-25317 | cups: ownership of /var/log/cups allows the lp user to create files as root | SUSE Linux Enterprise Server 11-SP4-LTSS | CWE-276 | 3.3 | Low | 2021-05-05 |
| CVE-2021-25314 | hawk: Insecure file permissions | SUSE Linux Enterprise High Availability 12-SP3 | CWE-378 | 7.8 | High | 2021-04-14 |
| CVE-2021-25316 | Local DoS of VM live migration due to use of static tmp files in detach_disks.sh in s390-tools | SUSE Linux Enterprise Server 12-SP5 | CWE-377 | 3.3 | Low | 2021-04-14 |
| CVE-2021-25313 | Rancher: XSS on /v3/cluster/ | Rancher | CWE-79 | 7.1 | High | 2021-03-05 |
| CVE-2021-25315 | salt-api unauthenticated remote code execution | SUSE Linux Enterprise Server 15 SP 3 | CWE-287 | 9.8 | Critical | 2021-03-03 |
| CVE-2020-8027 | openldap uses fixed paths in /tmp | SUSE Linux Enterprise Server 15-LTSS | CWE-377 | 7.3 | High | 2021-02-11 |
| CVE-2020-8030 | skuba: Insecure /tmp usage when joining node to cluster | SUSE CaaS Platform 4.5 | CWE-377 | 3.6 | Low | 2021-02-11 |
| CVE-2020-8029 | skuba: Insecure handling of private key | SUSE CaaS Platform 4.5 | CWE-732 | 2.9 | Low | 2021-02-11 |
| CVE-2020-8028 | salt-api is accessible to every user on SUSE Manager Server | SUSE Linux Enterprise Module for SUSE Manager Server 4.1 | CWE-284 | 9.3 | Critical | 2020-09-17 |

This page lists every published CVE security advisory associated with suse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.