Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
SUSE Linux Enterprise Server Number Of NVD 472 CRITICAL 27 HIGH 179 MEDIUM 215 LOW 51
URL https://www.suse.com/
Explanation Support is normally provided for 10 years after release, with service pack releases ending after about 8 years.
After 10 years, extended support is available for a fee, with yearly updates.
Tag
  • 商用ライセンス有り
  • Linux
Add Information URL
No Type Name URL
1 https://www.suse.com/lifecycle/
2 https://www.suse.com/support/policy/
3 https://www.suse.com/releasenotes/
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
21 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP5 May 22, 2023 July 16, 2018 July 31, 2028 July 31, 2031 3 8 2 1
22 SUSE Linux Enterprise Server 12 Service Pack 5 Dec. 9, 2019 Oct. 24, 2014 Oct. 31, 2024 Oct. 31, 2027 18 41 78 9
23 SUSE Linux Enterprise Server 11 March 24, 2009 March 31, 2019 March 31, 2022 15 149 148 31
24 SUSE Linux Enterprise Server 10 June 17, 2006 July 31, 2013 6 104 65 23
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
21 7.8
7.2 		HIGH
Local 		A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalat… - CVE-2019-18897 cpe:2.3:o:suse:linux_enterprise_server:15:*
cpe:2.3:o:suse:linux_enterprise_server:12:* 		2024-11-21 13:33
2020-03-3 		Show GitHub Exploit DB Packet Storm
22 7.8
6.8 		HIGH
Local 		Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary … CWE-787
 Out-of-bounds Write 		CVE-2014-1947 cpe:2.3:o:suse:linux_enterprise_server:11:sp3
cpe:2.3:o:suse:linux_enterprise_server:11:sp3 		2024-11-21 11:05
2020-02-18 		Show GitHub Exploit DB Packet Storm
23 6.8
3.2 		MEDIUM
Adjacent 		NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. CWE-295
Improper Certificate Validation  		CVE-2006-7246 cpe:2.3:o:suse:linux_enterprise_server:11:sp1 2024-11-21 09:24
2020-01-28 		Show GitHub Exploit DB Packet Storm
24 3.3
1.9 		LOW
Local 		The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Ser… CWE-276
Incorrect Default Permissions  		CVE-2019-3687 cpe:2.3:o:suse:linux_enterprise_server:-:* 2024-11-21 13:42
2020-01-24 		Show GitHub Exploit DB Packet Storm
25 6.5
4.0 		MEDIUM
Network 		Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2015-5239 cpe:2.3:o:suse:linux_enterprise_server:12:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4
cpe:2.3:o:suse:linux_en… 		2024-11-21 11:32
2020-01-24 		Show GitHub Exploit DB Packet Storm
26 8.8
6.5 		HIGH
Network 		obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. CWE-863
 Incorrect Authorization 		CVE-2010-3782 cpe:2.3:o:suse:linux_enterprise_server:11:sp1 2024-11-21 10:19
2020-01-3 		Show GitHub Exploit DB Packet Storm
27 8.8
9.0 		HIGH
Network 		An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. CWE-269
 Improper Privilege Management 		CVE-2012-6639 cpe:2.3:o:suse:linux_enterprise_server:11:sp3
cpe:2.3:o:suse:linux_enterprise_server:11:sp2 		2024-11-21 10:46
2019-11-26 		Show GitHub Exploit DB Packet Storm
28 7.5
5.0 		HIGH
Network 		A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote m… CWE-476
 NULL Pointer Dereference 		CVE-2016-5285 cpe:2.3:o:suse:linux_enterprise_server:11:sp2 2024-11-21 11:53
2019-11-16 		Show GitHub Exploit DB Packet Storm
29 5.3
5.0 		MEDIUM
Network 		When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3… CWE-908
 Use of Uninitialized Resource 		CVE-2019-11038 cpe:2.3:o:suse:linux_enterprise_server:12:sp5
cpe:2.3:o:suse:linux_enterprise_server:12:sp4 		2024-11-21 13:20
2019-06-19 		Show GitHub Exploit DB Packet Storm
30 7.5
5.0 		HIGH
Network 		LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third p… CWE-772
 Missing Release of Resource after Effective Lifetime 		CVE-2017-16232 cpe:2.3:o:suse:linux_enterprise_server:12:sp3
cpe:2.3:o:suse:linux_enterprise_server:12:sp2
cpe:2.3:o:suse:linux_… 		2024-11-21 12:16
2019-03-22 		Show GitHub Exploit DB Packet Storm