Lucene search
K
NetappOncommand Performance Manager

73 matches found

CVE
CVE
added 2017/01/30 9:0 p.m.197 views

CVE-2016-2518

CVE-2016-2518 affects NTP ntpd: MATCH_ASSOC() can trigger an out-of-bounds reference when handling addpeer with a large hmode. Affected versions are ntpd before 4.2.8p9 and 4.3.x before 4.3.92. Impact is a potential crash/denial of service via crafted packets. Mitigation: upgrade to fixed release...

5.3CVSS6.2AI score0.15081EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.197 views

CVE-2017-10293

CVE-2017-10293 is a vulnerability in the Oracle Java SE Javadoc component affecting Java SE versions 6u161, 7u151, 8u144, and 9. It permits an unauthenticated attacker with network access via HTTP to potentially read and modify Java data and read data, with user interaction required for exploitat...

6.1CVSS6.1AI score0.01489EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.196 views

CVE-2015-7691

CVE-2015-7691 affects ntpd’s crypto_xmit handling in NTP 4.2.x (before 4.2.8p4) and 4.3.x (before 4.3.77). The flaw arises from incomplete validation of autokey operations in crafted packets, allowing a remote attacker to crash ntpd (denial of service). This is tied to an incomplete fix of CVE-20...

7.5CVSS7.8AI score0.07103EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.196 views

CVE-2015-7701

CVE-2015-7701 involves a memory leak in ntpd’s CRYPTO_ASSOC when autokey is enabled. Affected: ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Impact: potential denial of service due to memory exhaustion. Remediation: upgrade to fixed ntp releases (e.g., 4.2.8p4+ or 4.3.77+); or disable...

7.5CVSS8.2AI score0.06519EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.195 views

CVE-2017-10176

CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...

7.5CVSS7AI score0.05034EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.190 views

CVE-2017-10114

CVE-2017-10114 affects the Java SE/JavaFX component; specifically Java SE 7u141 and 8u131. The vulnerability is described as difficult to exploit, requiring network access via multiple protocols and user interaction, with potential takeover of Java SE and possible impact on other products relying...

8.3CVSS8.5AI score0.0229EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.186 views

CVE-2015-7855

CVE-2015-7855 affects ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The decodenetnum() function can assert-botch when processing mode 6 or mode 7 packets with an unusually long data value, enabling a remote attacker to cause ntpd to crash (denial of service). Public references indicat...

6.5CVSS7.4AI score0.31068EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.185 views

CVE-2015-7850

CVE-2015-7850 affects ntpd/NTP with remote configuration enabled; vulnerability caused by pointing the key file at the log file, leading to DoS (infinite loop or crash) and potentially large logs. Affected: ntpd in 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Mitigation/remediation documented ac...

6.5CVSS7.2AI score0.04973EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.185 views

CVE-2017-10118

CVE-2017-10118 affects Oracle Java SE/JRockit/JCE with a timing-channel vulnerability in ECDSA within the JCE component. A remote attacker could potentially recover private keys by observing timing differences, enabling unauthenticated network-remote exploitation on affected OpenJDK/JRockit confi...

7.5CVSS7AI score0.02972EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.184 views

CVE-2015-7692

CVE-2015-7692 affects ntpd (NTP) prior to 4.2.8p4 for 4.2.x and 4.3.77 for 4.3.x. The flaw is in the crypto_xmit function (ntp_crypto.c) and can cause remote DoS crashes. This entry notes it as a continuation of an incomplete fix for CVE-2014-9750. No specific patched versions are provided in the...

7.5CVSS7.9AI score0.07336EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.184 views

CVE-2017-10111

CVE-2017-10111 affects Oracle Java OpenJDK’s Libraries component (Java SE). The connected advisories confirm vulnerable versions include Java SE 8u131 and Java SE Embedded 8u131, with exploitation described as arbitrary code execution via the LambdaFormEditor bounds checks in the Libraries, enabl...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.183 views

CVE-2017-10105

CVE-2017-10105 is a vulnerability in the Oracle Java SE Deployment component affecting Java SE 6u151, 7u141, and 8u131. The connected CHAINGUARD entry confirms a vulnerability in Oracle Java SE Deployment with unspecified root cause and a potential impact to data integrity, but does not provide p...

4.3CVSS4.4AI score0.01913EPSS
CVE
CVE
added 2017/07/24 2:0 p.m.174 views

CVE-2015-7703

CVE-2015-7703: ntpd remote configuration feature exposes a file overwrite risk via the :config command when remote configuration is enabled and the attacker knows the configuration password. Affected: ntpd 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Connected documents confirm this as a real vu...

7.5CVSS8.6AI score0.03823EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.173 views

CVE-2015-7702

CVE-2015-7702 affects ntpd’s crypto_xmit implementation in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77, allowing remote attackers to crash ntpd (DoS). The issue stems from an incomplete fix for CVE-2014-9750. Public advisories note the vulnerability and that updates have been released (e.g.,...

6.5CVSS7.9AI score0.05207EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.168 views

CVE-2017-10125

CVE-2017-10125 is described in the initial document as a vulnerability in the Oracle Java SE Deployment component affecting Java SE 7u141 and 8u131. The impact is stated as potentially allowing takeover of Java SE, with CVSS 3.0/3.1 metrics indicating a physical access prerequisite (HPC: PHYSICAL...

7.1CVSS7.6AI score0.0063EPSS
CVE
CVE
added 2017/08/08 3:0 p.m.166 views

CVE-2017-10086

CVE-2017-10086 affects Oracle Java SE (JavaFX) in Java 7u141 and 8u131. Descriptions indicate an easily exploitable, network-accessible vulnerability that can be exploited with no authentication and user interaction, potentially leading to takeover of Java SE. The connected documents cite this CV...

9.6CVSS9AI score0.02132EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.165 views

CVE-2015-7852

CVE-2015-7852 is an off-by-one vulnerability in ntpq’s cookedprint() which can allow a crafted mode 6 packet to cause a buffer overflow and crash ntpd. Public references (Debian DSA-3388-1, CentOS advisories) confirm ntpq/cookedprint as the vulnerable component and describe a DoS via remote craft...

5.9CVSS7.1AI score0.12282EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.124 views

CVE-2015-7849

CVE-2015-7849 is a use-after-free vulnerability in ntpd (NTP) affecting 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The available connected documents describe that remote authenticated users can potentially execute arbitrary code or cause a denial of service (crash) by sending crafted NTP packe...

8.8CVSS9.1AI score0.16848EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.120 views

CVE-2017-10365

CVE-2017-10365 concerns a vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The affected versions are 5.7.18 and earlier. An attacker with network access via multiple protocols and with high privileges can potentially compromise MySQL Server, leading to unauthori...

5.5CVSS3.3AI score0.01571EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.118 views

CVE-2017-10286

CVE-2017-10286 affects the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). The F5 advisory confirms the vulnerability is exploitable over the network by a high-privileged attacker with access via multiple protocols, and can cause a hang or crash (complete DOS). Affected versions in...

4.4CVSS4.3AI score0.02444EPSS
CVE
CVE
added 2017/08/07 8:0 p.m.117 views

CVE-2015-7854

CVE-2015-7854 is a memory corruption vulnerability in ntpd’s password management. A crafted key file can trigger a buffer overflow, potentially crashing the daemon or allowing arbitrary code execution by remote authenticated users. Affected are NTP 4.2.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77...

8.8CVSS9.3AI score0.1456EPSS
CVE
CVE
added 2017/01/06 9:0 p.m.107 views

CVE-2015-7848

CVE-2015-7848 is an NTP daemon vulnerability where an integer overflow in ntpd processing a crafted private mode (MODE_PRIVATE) packet can cause an out-of-bounds memory copy, leading to an immediate crash. The exploit requires a packet with a valid timestamp and correct MAC. Connected sources con...

7.5CVSS8.6AI score0.06096EPSS
CVE
CVE
added 2017/10/19 5:0 p.m.105 views

CVE-2017-10320

CVE-2017-10320 affects the MySQL Server component (InnoDB) of Oracle MySQL. Affected versions are 5.7.19 and earlier. An attacker with network access via multiple protocols can exploit this to cause a hang or a crash (DOS) of MySQL Server. The CVSS v3 base score is 4.9 (Availability impact). Reme...

4.9CVSS4.7AI score0.01942EPSS
Total number of security vulnerabilities73