Vulnerabilities in SUSE

194 results
Vexday analysis

With 193 CVEs catalogued, SUSE's vulnerability portfolio shows an active exploitation rate below the overall catalogue average, with no entries in CISA KEV, which suggests lower immediate exposure to confirmed attacks. Even so, 26 critical-severity flaws deserve continued attention, especially CVE-2025-46811, which has the highest observed EPSS score (0.1032) and represents the highest risk of exploitation in the short term. The most recurrent flaw type is CWE-276 (incorrect default permissions), a pattern that frequently stems from inadequate configuration during package deployment or update. With only 2 CVEs having a public PoC and 9 that appeared in the last 90 days, security teams should keep patching cycles active, prioritizing the critical ones and monitoring how EPSS evolves for the most recent.

CVE-2024-22029 | HIGH | tomcat packaging allows for escalation to root from tomcat user | EPSS 0.2%
CVE-2025-54470 | HIGH | NeuVector telemetry sender is vulnerable to MITM and DoS | EPSS 0.2%
CVE-2022-45154 | MEDIUM | supportconfig does not remove passwords in /etc/iscsi/iscsid.conf and /etc/target/lio_setup.sh | EPSS 0.2%
CVE-2024-22037 | MEDIUM | Database password leaked by systemd uyuni-server-attestation service | EPSS 0.2%
CVE-2025-53884 | MEDIUM | NeuVector has an insecure password storage vulnerable to rainbow attack | EPSS 0.2%
CVE-2025-62875 | MEDIUM | Local DoS in OpenSMTPD via UNIX domain socket smtpd.sock | EPSS 0.2%
CVE-2025-67601 | HIGH | Rancher CLI skips TLS verification on Rancher CLI login command | EPSS 0.2%
CVE-2023-32189 | MEDIUM | Insecure handling SSH key in SUSE Manager when bootstrapping new clients | EPSS 0.1%
CVE-2022-31252 | MEDIUM | permissions: chkstat does not check for group-writable parent directories or target files in safeOpen() | EPSS 0.1%
CVE-2025-23386 | HIGH | gerbera: Privilege escalation from user gerbera to root because of insecure %post script | EPSS 0.1%
CVE-2025-62876 | MEDIUM | An Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. This issue affe | EPSS 0.1%
CVE-2025-53882 | MEDIUM | The logrotate configuration in the python-mailman of openSUSE allows the mailman user to send SIGHUP to arbitrary processes | EPSS 0.1%
CVE-2025-67860 | LOW | NeuVector scanner insecurely handles passwords as command arguments | EPSS 0.1%
CVE-2026-41051 | MEDIUM | csync2 uses insecure temporary directories when compiled with C99 or later | EPSS 0.1%