Aggregates CVE and security vulnerability intelligence across all SUSE-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve path handling, input validation, cross-site scripting, SQL injection, and related problems; some flaws may lead to memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-44543 | Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-path-provisioner. The helperPod.yaml template is loaded by the provisioner and used to create HelperPods during PVC provisioning and cleanup operations. However, the template is not sufficiently validate | [email protected] | 8.7 | 0.36% | 2026-05-28 | 2026-06-08 |
| CVE-2026-31431 KEV | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 75.52% | 2026-04-22 | 2026-05-21 |
| CVE-2026-25702 | An Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d. | [email protected] | 7.3 | 0.20% | 2026-03-05 | 2026-03-09 |
| CVE-2025-62879 | A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. | [email protected] | 6.8 | 0.34% | 2026-03-04 | 2026-03-05 |
| CVE-2025-67601 | A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts. | [email protected] | 8.3 | 0.15% | 2026-02-25 | 2026-03-03 |
| CVE-2025-6018 | A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user logged in via SSH) to obtain the elevated privileges normally reserved for a physically present, "allow_active" user. The highest risk is that the attacker can then perform all allow_active yes Polkit actions, which are typically restricted to console users, potentially gaining unauthorized con | [email protected] | 7.8 | 1.30% | 2025-07-23 | 2025-11-04 |
| CVE-2025-32463 KEV | Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. | [email protected] | 9.3 | 48.01% | 2025-06-30 | 2025-11-05 |
| CVE-2024-12087 | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server c | [email protected] | 6.5 | 2.22% | 2025-01-14 | 2026-04-14 |
| CVE-2024-12086 | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byt | [email protected] | 6.1 | 1.76% | 2025-01-14 | 2026-05-26 |
| CVE-2024-12085 | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. | [email protected] | 7.5 | 9.35% | 2025-01-14 | 2026-04-14 |
| CVE-2024-46956 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution. | [email protected] | 7.8 | 0.39% | 2024-11-10 | 2025-11-03 |
| CVE-2024-46955 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space. | [email protected] | 5.5 | 0.29% | 2024-11-10 | 2025-11-03 |
| CVE-2024-46953 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution. | [email protected] | 7.8 | 0.39% | 2024-11-10 | 2025-11-03 |
| CVE-2024-46951 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution. | [email protected] | 7.8 | 0.36% | 2024-11-10 | 2025-11-03 |
| CVE-2023-22649 | A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue. | [email protected] | 8.4 | 1.88% | 2024-10-16 | 2024-10-30 |
| CVE-2024-6387 | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. | [email protected] | 8.1 | 99.51% | 2024-07-01 | 2026-05-12 |
| CVE-2024-23301 | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | [email protected] | 5.5 | 0.29% | 2024-01-12 | 2025-12-10 |
| CVE-2020-10676 | In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | [email protected] | 8.8 | 1.03% | 2023-12-12 | 2024-11-21 |
| CVE-2023-22644 | A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | [email protected] | 9.4 | 0.40% | 2023-09-20 | 2024-11-21 |
| CVE-2023-32182 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix. This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5: before 3.7.3-150500.3.5.1. | [email protected] | 5.9 | 0.29% | 2023-09-19 | 2024-11-21 |