Vulnerabilities > Netapp > Oncommand Performance Manager > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-10102 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
high complexity
oracle debian phoenixcontact netapp redhat
critical
9.0
2017-08-08 CVE-2017-10107 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10110 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-08 CVE-2017-10111 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).
network
low complexity
oracle debian redhat netapp
critical
9.6
2017-08-07 CVE-2015-7705 Improper Input Validation vulnerability in multiple products
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
network
low complexity
ntp netapp citrix siemens CWE-20
critical
9.8
2017-08-07 CVE-2015-7853 Classic Buffer Overflow vulnerability in multiple products
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
network
low complexity
ntp netapp CWE-120
critical
9.8
2017-08-07 CVE-2015-7871 Improper Authentication vulnerability in multiple products
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
network
low complexity
ntp debian netapp CWE-287
critical
9.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
9.8
2016-04-21 CVE-2016-3427 Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
network
low complexity
oracle canonical debian netapp apache redhat suse opensuse
critical
9.8