High

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-08	CVE-2017-10067	Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). network high complexity oracle debian redhat netapp	7.5
2017-08-07	CVE-2015-7854	Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. network low complexity ntp netapp CWE-120	8.8
2017-08-07	CVE-2015-7849	Use After Free vulnerability in multiple products Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. network low complexity ntp netapp CWE-416	8.8
2017-08-07	CVE-2015-7704	Improper Input Validation vulnerability in multiple products The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. network low complexity ntp debian netapp redhat mcafee citrix CWE-20	7.5
2017-08-07	CVE-2015-7701	Missing Release of Resource after Effective Lifetime vulnerability in multiple products Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). network low complexity ntp oracle debian netapp redhat CWE-772	7.5
2017-08-07	CVE-2015-7692	Improper Input Validation vulnerability in multiple products The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). network low complexity ntp oracle debian netapp redhat CWE-20	7.5
2017-08-07	CVE-2015-7691	Improper Input Validation vulnerability in multiple products The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. network low complexity ntp oracle debian netapp redhat CWE-20	7.5
2017-07-24	CVE-2015-7703	Improper Input Validation vulnerability in multiple products The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. network low complexity ntp oracle debian netapp redhat CWE-20	7.5
2017-02-03	CVE-2016-10165	Out-of-bounds Read vulnerability in multiple products The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. local low complexity littlecms debian canonical opensuse redhat netapp CWE-125	7.1
2016-11-10	CVE-2016-5195	Race Condition vulnerability in multiple products Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." local high complexity canonical linux redhat debian fedoraproject paloaltonetworks netapp CWE-362	7.0