Novell: >> Suse Linux Enterprise Desktop >> 10.0 Security Vulnerabilities
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVSS Score
3.4
EPSS Score
0.942
Published
2014-10-15
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.
CVSS Score
7.8
EPSS Score
0.0
Published
2008-07-09