Vulnerabilities > Novell > Suse Linux Enterprise Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-11-10 | CVE-2014-3690 | Resource Exhaustion vulnerability in multiple products arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. | 5.5 |
| 2014-11-10 | CVE-2014-3687 | Resource Exhaustion vulnerability in multiple products The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. | 7.5 |
| 2014-10-15 | CVE-2014-3566 | Cryptographic Issues vulnerability in multiple products The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | 3.4 |
| 2014-10-13 | CVE-2014-7970 | Resource Exhaustion vulnerability in multiple products The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . | 4.9 |
| 2013-11-05 | CVE-2013-4419 | Permissions, Privileges, and Access Controls vulnerability in multiple products The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. | 6.8 |
| 2013-08-19 | CVE-2013-3567 | Improper Input Validation vulnerability in multiple products Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call. | 7.5 |
| 2008-12-11 | CVE-2008-5423 | Information Exposure vulnerability in SUN RAY Server Software and RAY Windows Connector Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. | 4.3 |
| 2008-12-11 | CVE-2008-5422 | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | 7.5 |
| 2008-07-09 | CVE-2008-2931 | Improper Privilege Management vulnerability in multiple products The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | 7.8 |
| 2008-05-08 | CVE-2008-2112 | Privilege Escalation vulnerability in SUN RAY Server Software 4.0 Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and remote authenticated Sun Ray administrators to gain root privileges via unknown vectors related to utconfig. | 8.5 |