Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-07	CVE-2015-7855	Improper Input Validation vulnerability in multiple products The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. network low complexity ntp debian netapp siemens CWE-20	4.0
2017-08-07	CVE-2015-7854	Classic Buffer Overflow vulnerability in NTP Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. network low complexity ntp netapp CWE-120	6.5
2017-08-07	CVE-2015-7852	Improper Input Validation vulnerability in NTP ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. network ntp debian netapp oracle redhat CWE-20	4.3
2017-08-07	CVE-2015-7850	Infinite Loop vulnerability in NTP ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. network low complexity ntp debian netapp CWE-835	4.0
2017-08-07	CVE-2015-7849	Use After Free vulnerability in NTP Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. network low complexity ntp netapp CWE-416	6.5
2017-01-30	CVE-2016-2518	Out-of-bounds Read vulnerability in multiple products The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. network low complexity ntp debian netapp oracle redhat freebsd siemens CWE-125	5.0
2017-01-30	CVE-2015-7977	NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. network ntp oracle siemens netapp freebsd fedoraproject debian canonical CWE-476	4.3
2017-01-30	CVE-2015-7973	7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. network ntp siemens freebsd netapp canonical CWE-254	5.8
2016-01-26	CVE-2015-7974	Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." network low complexity ntp siemens netapp debian CWE-287	4.0
2015-02-06	CVE-2014-9354	Information Exposure vulnerability in Netapp Oncommand Balance 4.2 NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage. network low complexity netapp CWE-200	4.0