Common Problems

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:1007-1 (see also SUSE bugzilla) Related CVEs: CVE-2022-1271 Upstream summary: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:0770-1 (see also SUSE bugzilla) Related CVEs: CVE-2024-0074 CVE-2024-0075 CVE-2022-42265 CVE-2023-31022 Upstream summary: NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2015:1513-1 (see also SUSE bugzilla) Related CVEs: CVE-2015-5522 CVE-2015-5523 CVE-2016-6583 Upstream summary: Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03087-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-40918 Upstream summary: Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SA:2011:035 (see also SUSE bugzilla) Related CVEs: CVE-2011-2483 Upstream summary: crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2014:0870-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-0107 Upstream summary: The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2022:137-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-22959 CVE-2021-22960 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2023-30589 Upstream summary: The parser in accepts requests with a space (SP) right after the header name before the colon. […]

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2023:712-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-33813 Upstream summary: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:1451-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-39929 Upstream summary: Uncontrolled search path in some Libva software maintained by Intel(R) before version 2.20.0 may allow an authenticated user to potentially enable escalation […]

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory RHSA-2025:10353 (see also SUSE bugzilla) Related CVEs: CVE-2024-54661 CVE-2013-3571 CVE-2014-0019 Upstream summary: readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. Table of contents Symptom & Impact Environment & Reproduction Root Cause […]