SLES

SLES 16 — python313-virtualenv — vulnerability — patch and remediation guide — diagnosis and fix on SLES 16

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2026:0233-1 (see also SUSE bugzilla) Related CVEs: CVE-2026-22702 Upstream summary: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers […]

SLES 16 — perl-DBD-mysql — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on SLES 16

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2017:0122-1 (see also SUSE bugzilla) Related CVEs: CVE-2016-1246 CVE-2016-1251 CVE-2017-10788 CVE-2017-10789 CVE-2016-1249 Upstream summary: Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of […]

SLES 12 — xdg-utils — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on SLES 12

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2015:0271-1 (see also SUSE bugzilla) Related CVEs: CVE-2014-9622 CVE-2017-18266 Upstream summary: Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code […]

SLES 15 — python2-rtslib-fb — vulnerability — patch and remediation guide — diagnosis and fix on SLES 15

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2020:2109-1 (see also SUSE bugzilla) Related CVEs: CVE-2020-14019 Upstream summary: Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. […]

SLES 12 — yast2-users — vulnerability — patch and remediation guide — diagnosis and fix on SLES 12

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2016:1138-1 (see also SUSE bugzilla) Related CVEs: CVE-2016-1601 Upstream summary: yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, does not properly set empty password fields in /etc/shadow during an […]

SLES 16 — permctl — multiple vulnerabilities (5 CVEs) — patch and remediation guide — diagnosis and fix on SLES 16

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 16 📖 ~4 min read  •  Source: SUSE advisory SUSE-CU-2020:110-1 (see also SUSE bugzilla) Related CVEs: CVE-2019-3687 CVE-2019-3690 CVE-2020-8013 CVE-2022-31252 CVE-2019-3688 Upstream summary: The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" […]

SLES 15 — javamail — vulnerability — patch and remediation guide — diagnosis and fix on SLES 15

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2025:03025-1 (see also SUSE bugzilla) Related CVEs: CVE-2025-7962 Upstream summary: In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate […]

SLES 15 — go1.21 — multiple vulnerabilities (12 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2024:0800-1 (see also SUSE bugzilla) Related CVEs: CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 CVE-2023-39320 CVE-2023-39321 CVE-2023-39322  +4 more Upstream summary: When following an HTTP redirect to a domain which is not a subdomain […]

SLES 12 — vsftpd — multiple vulnerabilities (2 CVEs) — patch and remediation guide — diagnosis and fix on SLES 12

🟠 High   ⏱ 15–60 min  Last verified: 25 May 2026 Affected versions: SLES 12 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2022:3320-1 (see also SUSE bugzilla) Related CVEs: CVE-2021-3618 CVE-2015-1419 Upstream summary: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as […]

SLES 15 — tidy — multiple vulnerabilities (3 CVEs) — patch and remediation guide — diagnosis and fix on SLES 15

🟡 Medium   ⏱ 10–30 min  Last verified: 25 May 2026 Affected versions: SLES 15 📖 ~4 min read  •  Source: SUSE advisory SUSE-SU-2015:1513-1 (see also SUSE bugzilla) Related CVEs: CVE-2015-5522 CVE-2015-5523 CVE-2016-6583 Upstream summary: Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial […]
