Software Detail
SUSE Linux Enterprise Server
Number Of NVD 457 (CRITICAL 19, HIGH 176, MEDIUM 211, LOW 51)
URL https://www.suse.com/
Explanation Support is normally provided for 10 years after release, with service pack releases ending after about 8 years.
After 10 years, extended support is available for a fee, with yearly updates.
Tag
  • Linux
  • Commercial license available

Add Information URL
No Type Name URL
1 https://www.suse.com/lifecycle/
2 https://www.suse.com/support/policy/
3 https://www.suse.com/releasenotes/

List Of Product

| No | Name | Latest Version | Release date | Initial release | Normal Support / Service Pack Support | Security Support / Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SUSE Linux Enterprise Server 15 | SUSE Linux Enterprise Server 15 SP5 | May 22, 2023 | July 16, 2018 | July 31, 2028 | July 31, 2031 | 3 | 8 | 2 | 1 |
| 2 | SUSE Linux Enterprise Server 12 | Service Pack 5 | Dec. 9, 2019 | Oct. 24, 2014 | Oct. 31, 2024 | Oct. 31, 2027 | 14 | 37 | 74 | 9 |
| 3 | SUSE Linux Enterprise Server 11 | | | March 24, 2009 | March 31, 2019 | March 31, 2022 | 11 | 147 | 145 | 31 |
| 4 | SUSE Linux Enterprise Server 10 | | | June 17, 2006 | July 31, 2013 | | 1 | 103 | 64 | 23 |

NVD Vulnerability Information

| No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | Update date | Published date |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 7.5 | - | HIGH | Network | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-o… | NVD-CWE-noinfo | CVE-2023-29552 | cpe:2.3:o:suse:linux_enterprise_server:15:*; cpe:2.3:o:suse:linux_enterprise_server:15:*; cpe:2.3:o:suse:linux_ente… | 2023-05-5 04:07 | 2023-04-26 |
| 2 | 5.5 | - | MEDIUM | Local | In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is di… | CWE-476 NULL Pointer Dereference | CVE-2023-23005 | cpe:2.3:o:suse:linux_enterprise_server:15:sp5 | 2024-05-17 11:19 | 2023-03-2 |
| 3 | 7.8 | - | HIGH | Local | An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4… | CWE-276 Incorrect Default Permissions | CVE-2022-45153 | cpe:2.3:o:suse:linux_enterprise_server:12:sp5 | 2023-02-25 03:57 | 2023-02-15 |
| 4 | 4.4 | - | MEDIUM | Local | A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE Leap 15.4, openSUSE Leap Micro 5.2 did not consider group writable path compone… | CWE-863 Incorrect Authorization | CVE-2022-31252 | cpe:2.3:o:suse:linux_enterprise_server:12:sp5 | 2022-11-8 05:20 | 2022-10-7 |
| 5 | 5.5 | - | MEDIUM | Local | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores pl… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2015-1931 | cpe:2.3:o:suse:linux_enterprise_server:11:sp4; cpe:2.3:o:suse:linux_enterprise_server:11:sp3; cpe:2.3:o:suse:linux_… | 2022-09-30 12:04 | 2022-09-29 |
| 6 | 7.8 | 7.2 | HIGH | Local | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | CWE-787 Out-of-bounds Write | CVE-2022-27239 | cpe:2.3:o:suse:linux_enterprise_server:15:sp4; cpe:2.3:o:suse:linux_enterprise_server:15:sp3; cpe:2.3:o:suse:linux_… | 2023-11-25 00:15 | 2022-04-27 |
| 7 | 7.8 | 4.6 | HIGH | Local | An issue was discovered in Cobbler before 3.3.1. In the templar.py file, the function check_for_invalid_imports can allow Cheetah code to import Python modules via the "#from MODULE import" substring… | CWE-77 Command Injection | CVE-2021-45082 | cpe:2.3:o:suse:linux_enterprise_server:15:sp3; cpe:2.3:o:suse:linux_enterprise_server:15:sp2; cpe:2.3:o:suse:linux_… | 2023-11-7 12:39 | 2022-02-19 |
| 8 | 7.8 | 7.2 | HIGH | Local | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users accor… | CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write | CVE-2021-4034 | cpe:2.3:o:suse:linux_enterprise_server:15:sp2; cpe:2.3:o:suse:linux_enterprise_server:15:sp2 | 2023-11-7 12:40 | 2022-01-29 |
| 9 | 7.5 | 5.0 | HIGH | Network | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exp… | CWE-400 Uncontrolled Resource Consumption | CVE-2002-20001 | cpe:2.3:o:suse:linux_enterprise_server:15:*; cpe:2.3:o:suse:linux_enterprise_server:12:-; cpe:2.3:o:suse:linux_ente… | 2024-04-23 16:15 | 2021-11-12 |
| 10 | 7.1 | 6.6 | HIGH | Local | A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; ope… | CWE-59 Link Following | CVE-2021-32000 | cpe:2.3:o:suse:linux_enterprise_server:15:sp1; cpe:2.3:o:suse:linux_enterprise_server:12:sp3 | 2023-06-22 00:19 | 2021-07-28 |