Suse Linux Enterprise Server

DATE	CVE	VULNERABILITY TITLE	RISK
2014-11-10	CVE-2014-3687	Resource Exhaustion vulnerability in multiple products The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. network low complexity linux redhat canonical opensuse novell suse debian oracle CWE-400	7.5
2014-10-15	CVE-2014-3566	Cryptographic Issues vulnerability in multiple products The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. network high complexity redhat ibm apple mageia novell opensuse fedoraproject openssl netbsd debian oracle CWE-310	3.4
2014-10-13	CVE-2014-7970	Resource Exhaustion vulnerability in multiple products The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . local low complexity novell linux canonical CWE-400	5.5
2008-07-09	CVE-2008-2931	Improper Privilege Management vulnerability in multiple products The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. local low complexity linux debian novell opensuse canonical CWE-269	7.8