suse — Vulnerabilities & Security Advisories 185

Browse all 185 CVE security advisories affecting suse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SUSE operates primarily as a provider of enterprise Linux distributions and cloud-native solutions, serving critical infrastructure in hybrid and multi-cloud environments. With 185 recorded CVEs, its vulnerability profile reflects the complexity of managing large-scale open-source codebases. Historically, common flaw classes include remote code execution (RCE), buffer overflows, and privilege escalation vulnerabilities, often stemming from misconfigurations or outdated dependencies within its core operating system components. Notable security characteristics involve its focus on container security and Kubernetes integration, which introduces attack surfaces related to orchestration layers. While no single catastrophic incident defines its history, the sheer volume of vulnerabilities highlights the ongoing challenge of maintaining security in widely deployed, long-term support releases. This necessitates rigorous patch management and continuous monitoring to mitigate risks associated with its extensive ecosystem of integrated services and third-party libraries.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2020-8023 | Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2 — SUSE Enterprise Storage 5 | CWE-349 | 7.7 | High | 2020-09-01 |
| CVE-2020-8025 | outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues — SUSE Linux Enterprise Server 12-SP4 | CWE-279 | 6.1 | Medium | 2020-08-07 |
| CVE-2019-3681 | osc: stores downloaded (supposed) RPM in network-controlled filesystem paths — SUSE Linux Enterprise Module for Development Tools 15 | CWE-73 | 7.5 | High | 2020-06-29 |
| CVE-2020-8019 | syslog-ng: Local privilege escalation from new to root in %post — SUSE Linux Enterprise Debuginfo 11-SP3 | CWE-61 | 7.7 | High | 2020-06-29 |
| CVE-2020-8022 | User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges — SUSE Enterprise Storage 5 | CWE-276 | 7.7 | High | 2020-06-29 |
| CVE-2020-8018 | User owned /etc in SLES15-SP1-CHOST-BYOS — SUSE Linux Enterprise Server 15 SP1 | CWE-276 | 8.4 | High | 2020-05-04 |
| CVE-2019-18905 | Deprecated functionality in autoyast2 automatically imports gpg keys without checking them — SUSE Linux Enterprise Server 12 | CWE-345 | 4.8 | Medium | 2020-04-03 |
| CVE-2019-18904 | Migrations requests can cause DoS on rmt — SUSE Linux Enterprise High Performance Computing 15-ESPOS | CWE-400 | 6.5 | Medium | 2020-04-03 |
| CVE-2018-17954 | crowbar provision leaks admin password to all nodes in cleartext — SUSE OpenStack Cloud 7 | CWE-269 | 9.3 | Critical | 2020-04-03 |
| CVE-2020-8017 | race condition on texlive-filesystem cron job allows for the deletion of unintended files — SUSE Linux Enterprise Module for Desktop Applications 15-SP1 | CWE-367 | 6.2 | Medium | 2020-04-02 |
| CVE-2020-8016 | race condition in the packaging of texlive-filesystem — SUSE Linux Enterprise Module for Desktop Applications 15-SP1 | CWE-367 | 4.9 | Medium | 2020-04-02 |
| CVE-2019-3696 | pcp: Local privilege escalation from user pcp to root through migrate_tempdirs — SUSE Linux Enterprise High Performance Computing 15-ESPOS | CWE-22 | 8.4 | High | 2020-03-03 |
| CVE-2019-3695 | pcp: Local privilege escalation from user pcp to root — SUSE Linux Enterprise High Performance Computing 15-ESPOS | CWE-94 | 8.4 | High | 2020-03-03 |
| CVE-2019-18903 | wicked: Use-after-free when receiving invalid DHCP6 IA_PD option — SUSE Linux Enterprise Server 12 | CWE-416 | 7.5 | High | 2020-03-02 |
| CVE-2019-18902 | wicked: Use-after-free when receiving invalid DHCP6 client options — SUSE Linux Enterprise Server 12 | CWE-416 | 7.5 | High | 2020-03-02 |
| CVE-2020-8013 | permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim — SUSE Linux Enterprise Server 12 | CWE-59 | 2.2 | Low | 2020-03-02 |
| CVE-2019-18901 | mysql-systemd-helper allows setting 640 permissions of arbitrary files — SUSE Linux Enterprise Server 12 | CWE-59 | 5.1 | Medium | 2020-03-02 |
| CVE-2019-18897 | Local privilege escalation from user salt to root — SUSE Linux Enterprise Server 12 | CWE-59 | 8.4 | High | 2020-03-02 |
| CVE-2019-3698 | nagios cron job allows privilege escalation from user nagios to root — SUSE Linux Enterprise Server 12 | CWE-59 | 5.7 | Medium | 2020-02-28 |
| CVE-2017-14806 | Insecure handling of repodata and packages in SUSE Studio onsite — Studio onsite | CWE-295 | 3.7 | Low | 2020-01-27 |
| CVE-2017-14807 | SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite — Studio onsite | CWE-89 | 8.1 | High | 2020-01-27 |
| CVE-2018-20105 | yast2-rmt exposes CA private key passphrase in log-file — SUSE Linux Enterprise Server 15 | CWE-532 | 4.0 | Medium | 2020-01-27 |
| CVE-2018-12476 | obs-service-extract_file's outfilename parameter allows to write files outside of package directory — SUSE Linux Enterprise Server 15 | CWE-23 | 4.3 | Medium | 2020-01-27 |
| CVE-2019-18900 | libzypp stores cookies world readable — CaaS Platform 3.0 | CWE-276 | 4.0 | Medium | 2020-01-24 |
| CVE-2019-3693 | Local privilege escalation from user wwwrun to root in the packaging of mailman — SUSE Linux Enterprise Server 11 | CWE-59 | 7.7 | High | 2020-01-24 |
| CVE-2019-3692 | Local privilege escalation from user news to root in the packaging of inn — SUSE Linux Enterprise Server 11 | CWE-59 | 7.7 | High | 2020-01-24 |
| CVE-2019-3687 | "easy" permission profile allows everyone execute dumpcap and read all network traffic — SUSE Linux Enterprise Server | CWE-276 | 4.0 | Medium | 2020-01-24 |
| CVE-2019-3691 | Local privilege escalation from user munge to root — SUSE Linux Enterprise Server 15 | CWE-59 | 7.7 | High | 2020-01-23 |
| CVE-2019-18898 | trousers: Local privilege escalation from tss to root — SUSE Linux Enterprise Server 15 SP1 | CWE-59 | 7.7 | High | 2020-01-23 |
| CVE-2019-3686 | XSS in distri and version parameter in openQA — openQA | CWE-79 | 6.5 | Medium | 2020-01-17 |

This page lists every published CVE security advisory associated with suse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.