Vulnerabilities > Netapp > Oncommand Unified Manager

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2015-7852 Improper Input Validation vulnerability in multiple products
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
network
high complexity
ntp debian netapp oracle redhat CWE-20
5.9
5.9
2017-08-07 CVE-2015-7850 Infinite Loop vulnerability in multiple products
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
network
low complexity
ntp debian netapp CWE-835
6.5
6.5
2017-08-07 CVE-2015-7849 Use After Free vulnerability in multiple products
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
network
low complexity
ntp netapp CWE-416
8.8
8.8
2017-08-07 CVE-2015-7705 Improper Input Validation vulnerability in multiple products
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
network
low complexity
ntp netapp citrix siemens CWE-20
critical
 9.8
9.8
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
7.5
7.5
2017-08-07 CVE-2015-7702 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
6.5
6.5
2017-08-07 CVE-2015-7701 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
network
low complexity
ntp oracle debian netapp redhat CWE-772
7.5
7.5
2017-08-07 CVE-2015-7692 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-08-07 CVE-2015-7691 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-07-27 CVE-2016-8743 Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers.
network
low complexity
apache netapp debian redhat
7.5
7.5