Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-10053 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).
network
low complexity
oracle debian redhat netapp phoenixcontact
5.3
2017-08-07 CVE-2015-7871 Improper Authentication vulnerability in multiple products
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
network
low complexity
ntp debian netapp CWE-287
critical
9.8
2017-08-07 CVE-2015-7855 Improper Input Validation vulnerability in multiple products
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
network
low complexity
ntp debian netapp siemens CWE-20
6.5
2017-08-07 CVE-2015-7854 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
network
low complexity
ntp netapp CWE-120
8.8
2017-08-07 CVE-2015-7853 Classic Buffer Overflow vulnerability in multiple products
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
network
low complexity
ntp netapp CWE-120
critical
9.8
2017-08-07 CVE-2015-7852 Improper Input Validation vulnerability in multiple products
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
network
high complexity
ntp debian netapp oracle redhat CWE-20
5.9
2017-08-07 CVE-2015-7850 Infinite Loop vulnerability in multiple products
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
network
low complexity
ntp debian netapp CWE-835
6.5
2017-08-07 CVE-2015-7849 Use After Free vulnerability in multiple products
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
network
low complexity
ntp netapp CWE-416
8.8
2017-08-07 CVE-2015-7705 Improper Input Validation vulnerability in multiple products
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
network
low complexity
ntp netapp citrix siemens CWE-20
critical
9.8
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
7.5