Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-07	CVE-2015-7850	Infinite Loop vulnerability in NTP ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. network low complexity ntp debian netapp CWE-835	4.0
2017-08-07	CVE-2015-7849	Use After Free vulnerability in NTP Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. network low complexity ntp netapp CWE-416	6.5
2017-08-07	CVE-2015-7704	Improper Input Validation vulnerability in multiple products The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. network low complexity ntp debian netapp redhat mcafee citrix CWE-20	5.0
2017-08-07	CVE-2015-7702	Improper Input Validation vulnerability in NTP The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). network low complexity ntp oracle debian netapp redhat CWE-20	4.0
2017-08-07	CVE-2015-7701	Missing Release of Resource after Effective Lifetime vulnerability in NTP Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption). network low complexity ntp oracle debian netapp redhat CWE-772	5.0
2017-08-07	CVE-2015-7692	Improper Input Validation vulnerability in NTP The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). network low complexity ntp oracle debian netapp redhat CWE-20	5.0
2017-08-07	CVE-2015-7691	Improper Input Validation vulnerability in NTP The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. network low complexity ntp oracle debian netapp redhat CWE-20	5.0
2017-08-07	CVE-2015-7887	Improper Access Control vulnerability in Netapp Snapcenter Server 1.0 NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. network low complexity netapp CWE-284	6.5
2017-07-25	CVE-2017-8919	Unspecified vulnerability in Netapp Oncommand API Services 1.0/1.1/1.2 NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password when a user attempts to log in using the REST API, which allows remote authenticated users to obtain sensitive password information via unspecified vectors. network low complexity netapp	4.0
2017-07-24	CVE-2015-7703	Improper Input Validation vulnerability in NTP The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. network ntp oracle debian netapp redhat CWE-20	4.3