Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2015-7854 Classic Buffer Overflow vulnerability in multiple products
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
network
low complexity
ntp netapp CWE-120
8.8
8.8
2017-08-07 CVE-2015-7849 Use After Free vulnerability in multiple products
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
network
low complexity
ntp netapp CWE-416
8.8
8.8
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
7.5
7.5
2017-08-07 CVE-2015-7701 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
network
low complexity
ntp oracle debian netapp redhat CWE-772
7.5
7.5
2017-08-07 CVE-2015-7692 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-08-07 CVE-2015-7691 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-08-07 CVE-2015-7571 Unrestricted Upload of File with Dangerous Type vulnerability in Yeager CMS 1.2.1
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
local
low complexity
yeager CWE-434
7.8
7.8
2017-08-07 CVE-2015-5946 Incomplete Blacklist vulnerability in Sugarcrm 6.5.22
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
local
low complexity
sugarcrm CWE-184
7.8
7.8
2017-08-07 CVE-2014-9831 Improper Access Control vulnerability in Imagemagick
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
network
low complexity
imagemagick CWE-284
8.8
8.8
2017-08-07 CVE-2014-9830 Improper Access Control vulnerability in Imagemagick
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
network
low complexity
imagemagick CWE-284
8.8
8.8