SUSE Linux Enterprise Server vulnerabilities: known CVEs & security history
SUSE · Operating System · 500 tracked CVEs · 18 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all SUSE Linux Enterprise Server release lines — 500 in total, with 18 actively exploited in the wild. A CVE here doesn't mean your version is affected — check SUSE Linux Enterprise Server's current status and the safe version to run.
Known SUSE Linux Enterprise Server CVEs
Actively-exploited and most-severe first. Showing the top 80 of 500. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2016-3427⚡ exploited | critical | 9.8 | 92% | 2016 |
| CVE-2015-2590⚡ exploited | critical | 9.8 | 26% | 2015 |
| CVE-2014-7169⚡ exploited | critical | 9.8 | 100% | 2014 |
| CVE-2014-6271⚡ exploited | critical | 9.8 | 100% | 2014 |
| CVE-2013-2465⚡ exploited | critical | 9.8 | 99% | 2013 |
| CVE-2012-0507⚡ exploited | critical | 9.8 | 98% | 2012 |
| CVE-2012-1823⚡ exploited | critical | 9.8 | 100% | 2012 |
| CVE-2011-3544⚡ exploited | critical | 9.8 | 97% | 2011 |
| CVE-2015-4495⚡ exploited | high | 8.8 | 70% | 2015 |
| CVE-2013-1690⚡ exploited | high | 8.8 | 69% | 2013 |
| CVE-2026-31431⚡ exploited | high | 7.8 | 76% | 2026 |
| CVE-2021-4034⚡ exploited | high | 7.8 | 95% | 2022 |
| CVE-2014-3153⚡ exploited | high | 7.8 | 37% | 2014 |
| CVE-2010-3904⚡ exploited | high | 7.8 | 11% | 2010 |
| CVE-2023-29552⚡ exploited | high | 7.5 | 66% | 2023 |
| CVE-2016-3718⚡ exploited | medium | 5.5 | 77% | 2016 |
| CVE-2016-3715⚡ exploited | medium | 5.5 | 75% | 2016 |
| CVE-2015-4902⚡ exploited | medium | 5.3 | 13% | 2015 |
| CVE-2019-18906 | critical | 9.8 | 1% | 2021 |
| CVE-2016-1000030 | critical | 9.8 | 2% | 2018 |
| CVE-2017-18017 | critical | 9.8 | 52% | 2018 |
| CVE-2017-14491 | critical | 9.8 | 85% | 2017 |
| CVE-2014-9852 | critical | 9.8 | 3% | 2017 |
| CVE-2016-5772 | critical | 9.8 | 10% | 2016 |
| CVE-2016-5118 | critical | 9.8 | 49% | 2016 |
| CVE-2016-0718 | critical | 9.8 | 13% | 2016 |
| CVE-2016-1601 | critical | 9.8 | 2% | 2016 |
| CVE-2015-8779 | critical | 9.8 | 6% | 2016 |
| CVE-2015-8778 | critical | 9.8 | 6% | 2016 |
| CVE-2014-9761 | critical | 9.8 | 6% | 2016 |
| CVE-2016-2324 | critical | 9.8 | 19% | 2016 |
| CVE-2016-2315 | critical | 9.8 | 17% | 2016 |
| CVE-2015-0192 | critical | 9.8 | 5% | 2015 |
| CVE-2010-2941 | critical | 9.8 | 6% | 2010 |
| CVE-2010-1205 | critical | 9.8 | 43% | 2010 |
| CVE-2015-5041 | critical | 9.1 | 4% | 2016 |
| CVE-2015-8776 | critical | 9.1 | 5% | 2016 |
| CVE-2015-2738 | high | 10 | 3% | 2015 |
| CVE-2015-2737 | high | 10 | 3% | 2015 |
| CVE-2015-2734 | high | 10 | 3% | 2015 |
| CVE-2014-1488 | high | 10 | 7% | 2014 |
| CVE-2013-5610 | high | 10 | 7% | 2013 |
| CVE-2013-0767 | high | 10 | 6% | 2013 |
| CVE-2012-5835 | high | 10 | 9% | 2012 |
| CVE-2012-4218 | high | 10 | 6% | 2012 |
| CVE-2012-4212 | high | 10 | 6% | 2012 |
| CVE-2012-3983 | high | 10 | 5% | 2012 |
| CVE-2012-3968 | high | 10 | 6% | 2012 |
| CVE-2012-3963 | high | 10 | 6% | 2012 |
| CVE-2012-3961 | high | 10 | 7% | 2012 |
| CVE-2012-3960 | high | 10 | 5% | 2012 |
| CVE-2012-3959 | high | 10 | 5% | 2012 |
| CVE-2012-3957 | high | 10 | 8% | 2012 |
| CVE-2012-3956 | high | 10 | 5% | 2012 |
| CVE-2012-1976 | high | 10 | 6% | 2012 |
| CVE-2012-1975 | high | 10 | 6% | 2012 |
| CVE-2012-1974 | high | 10 | 6% | 2012 |
| CVE-2012-1973 | high | 10 | 6% | 2012 |
| CVE-2012-1972 | high | 10 | 6% | 2012 |
| CVE-2012-1970 | high | 10 | 6% | 2012 |
| CVE-2012-0444 | high | 10 | 8% | 2012 |
| CVE-2011-4862 | high | 10 | 95% | 2011 |
| CVE-2015-5165 | high | 9.3 | 13% | 2015 |
| CVE-2015-0492 | high | 9.3 | 4% | 2015 |
| CVE-2014-1494 | high | 9.3 | 5% | 2014 |
| CVE-2014-1490 | high | 9.3 | 4% | 2014 |
| CVE-2012-6075 | high | 9.3 | 5% | 2013 |
| CVE-2013-0771 | high | 9.3 | 5% | 2013 |
| CVE-2013-0770 | high | 9.3 | 6% | 2013 |
| CVE-2013-0769 | high | 9.3 | 6% | 2013 |
| CVE-2013-0768 | high | 9.3 | 8% | 2013 |
| CVE-2013-0766 | high | 9.3 | 5% | 2013 |
| CVE-2013-0764 | high | 9.3 | 3% | 2013 |
| CVE-2013-0763 | high | 9.3 | 4% | 2013 |
| CVE-2013-0762 | high | 9.3 | 5% | 2013 |
| CVE-2013-0761 | high | 9.3 | 4% | 2013 |
| CVE-2013-0760 | high | 9.3 | 5% | 2013 |
| CVE-2013-0758 | high | 9.3 | 73% | 2013 |
| CVE-2013-0757 | high | 9.3 | 61% | 2013 |
| CVE-2013-0756 | high | 9.3 | 4% | 2013 |
420 older / lower-severity CVEs not shown — see SUSE Linux Enterprise Server's full record.
Is my SUSE Linux Enterprise Server version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your SUSE Linux Enterprise Server version → · Monitor SUSE Linux Enterprise Server for new CVEs →
SUSE Linux Enterprise Server vulnerabilities — frequently asked
How many known vulnerabilities does SUSE Linux Enterprise Server have?
IsItPatched tracks 500 CVEs for SUSE Linux Enterprise Server, 18 of which are actively exploited (CISA KEV). 27 are critical-severity and 193 high-severity. These span every release line — what matters is whether the version you run is affected.
Does SUSE Linux Enterprise Server have any actively-exploited vulnerabilities?
Yes — 18 SUSE Linux Enterprise Server CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (2 linked to ransomware). Patch these as a priority.
What is the most severe SUSE Linux Enterprise Server vulnerability?
Among tracked issues, CVE-2016-3427 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a Improper access control weakness.
Is SUSE Linux Enterprise Server safe to use?
It depends on the version. The latest supported SUSE Linux Enterprise Server release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: SUSE Linux Enterprise Server security status · SUSE Linux Enterprise Server end-of-life · actively-exploited CVEs. Always verify against SUSE's advisories — see our disclaimer.