CVE Daily
← All tags

Tag: SUSE Linux Enterprise Server

All CVEs associated with "SUSE Linux Enterprise Server". Page 1/1 • 54 CVEs.

About “SUSE Linux Enterprise Server”

A curated feed of “SUSE Linux Enterprise Server”-related CVEs appears below. We currently track 54 CVEs for this tag (all time). In the last 365 days, 1 were published. Average CVSS is 6.3 (all time; 7.3 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: sles

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestExtended SupportEOLLTS
16.0-
15.7-
15.6- Expired
15.5- Expired
15.4- Expired
15.3- Expired
15.2- Expired
12.5- Expired
15.1- Expired
12.4- Expired
15.0- Expired
12.3- Expired
12.2- Expired
12.1- Expired
11.4- Expired
12.0- Expired
11.3- Expired
11.2- Expired
10.4- Expired
11.1- Expired
10.3- Expired
11.0- Expired
10.2- Expired
10.1- Expired
10.0- Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “SUSE Linux Enterprise Server”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-03-05
High

CVE-2026-25702

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects S…

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
2025-01-08
Medium

CVE-2024-52869

Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux S…

CVSS: 6.0 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
2023-02-15
Medium

CVE-2022-45154

A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers t…

CVSS: 4.4 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
High

CVE-2022-45153

An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4…

CVSS: 7.0 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-02-07
Medium

CVE-2023-22643

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.…

CVSS: 6.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
High

CVE-2022-31254

A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSU…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2022-10-06
Medium

CVE-2022-31252

A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path compone…

CVSS: 4.4 CWE: CWE-863 - Incorrect Authorization View on NVD
2022-03-16
Medium

CVE-2021-46705

A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Lin…

CVSS: 5.1 CWE: CWE-377 - Insecure Temporary File View on NVD
2021-07-28
Low

CVE-2021-32000

A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; ope…

CVSS: 3.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2021-06-30
High

CVE-2021-25321

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 al…

CVSS: 7.8 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
Critical

CVE-2019-18906

A Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5, SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without havin…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2021-06-10
Medium

CVE-2021-31998

A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate thei…

CVSS: 6.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-05-05
Low

CVE-2021-25317

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factor…

CVSS: 3.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2021-04-14
Low

CVE-2021-25316

A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affec…

CVSS: 3.3 CWE: CWE-377 - Insecure Temporary File View on NVD
2021-03-03
Critical

CVE-2021-25315

CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2021-02-11
High

CVE-2020-8027

A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1, openSUSE Leap 15.2 allows local attackers to…

CVSS: 7.3 CWE: CWE-377 - Insecure Temporary File View on NVD
2020-09-01
High

CVE-2020-8023

A acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in the start script of openldap2 of SUSE Enterprise Storage 5, SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise…

CVSS: 7.7 CWE: CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data View on NVD
2020-08-07
Medium

CVE-2020-8025

A Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP…

CVSS: 6.1 CWE: CWE-279 - Incorrect Execution-Assigned Permissions View on NVD
2020-06-29
High

CVE-2020-8019

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module fo…

CVSS: 7.7 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
High

CVE-2020-8022

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux En…

CVSS: 7.7 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-05-04
High

CVE-2020-8018

A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST-BYOS and SLES15-SP1-CAP-Deployment-BYOS images of SUSE Linux Enterprise Server 15 SP1 allows local attackers with the UID 1000 to…

CVSS: 8.4 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-04-03
Medium

CVE-2019-18905

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprec…

CVSS: 4.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
Medium

CVE-2019-18904

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise…

CVSS: 6.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2020-03-03
High

CVE-2019-3696

A Improper Limitation of a Pathname to a Restricted Directory vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performanc…

CVSS: 8.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-3695

A Improper Control of Generation of Code vulnerability in the packaging of pcp of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS,…

CVSS: 8.4 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2020-03-02
Low

CVE-2020-8013

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for spe…

CVSS: 2.2 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-18903

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code exec…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2019-18902

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code exec…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2019-18901

A UNIX Symbolic Link (Symlink) Following vulnerability in the mysql-systemd-helper of the mariadb packaging of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows local attackers…

CVSS: 5.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-18897

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalat…

CVSS: 8.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-02-28
Medium

CVE-2019-3698

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to…

CVSS: 5.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2020-01-27
Medium

CVE-2018-20105

A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log…

CVSS: 4.0 CWE: CWE-532 - Insertion of Sensitive Information into Log File View on NVD
Medium

CVE-2018-12476

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the mach…

CVSS: 4.3 CWE: CWE-23 - Relative Path Traversal View on NVD
2020-01-24
Medium

CVE-2019-18900

: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store use…

CVSS: 4.0 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2019-3693

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privile…

CVSS: 7.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-3692

The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enter…

CVSS: 7.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2019-3687

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Ser…

CVSS: 4.0 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2020-01-23
High

CVE-2019-3691

A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root…

CVSS: 7.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2019-18898

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root…

CVSS: 7.7 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2019-10-07
Medium

CVE-2019-3688

The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 ha…

CVSS: 5.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2019-09-19
Medium

CVE-2019-3689

The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var…

CVSS: 5.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2017-03-23
High

CVE-2016-1602

A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attacke…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2016-04-18
Medium

CVE-2016-4036

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading…

CVSS: 5.5 CWE: CWE-264 View on NVD
2011-11-04
Low

CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote serve…

CVSS: 3.6 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2011-04-18
Medium

CVE-2011-0988

pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows…

CVSS: 4.4 CWE: CWE-264 View on NVD
2009-07-05
High

CVE-2009-1648

The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise Server 11 (aka SLE11) does not enable the firewall in certain circumstances involving reboots during online updates, which makes it…

CVSS: 7.5 CWE: CWE-16 View on NVD
2009-03-30
High

CVE-2009-0115

The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating syste…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2007-10-16
High

CVE-2007-5471

libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of se…

CVSS: 7.8 CWE: N/A View on NVD
2006-06-01
Medium

CVE-2006-2752

The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password.

CVSS: 6.4 CWE: N/A View on NVD
2006-02-11
Medium

CVE-2006-0646

ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other use…

CVSS: 4.4 CWE: N/A View on NVD
2005-12-31
High

CVE-2005-3655

Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST req…

CVSS: 7.5 CWE: N/A View on NVD
2005-08-08
High

CVE-2005-2500

Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly exe…

CVSS: 7.5 CWE: N/A View on NVD
2005-01-27
High

CVE-2004-0887

SUSE Linux Enterprise Server 9 on the S/390 platform does not properly handle a certain privileged instruction, which allows local users to gain root privileges.

CVSS: 7.2 CWE: N/A View on NVD
2005-01-10
Low

CVE-2004-1190

SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorize…

CVSS: 2.1 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox