Total
98 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-6459 | 1 Ntp | 1 Ntp | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | |||||
CVE-2016-2516 | 1 Ntp | 1 Ntp | 2023-12-10 | 7.1 HIGH | 5.3 MEDIUM |
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. | |||||
CVE-2016-2519 | 1 Ntp | 1 Ntp | 2023-12-10 | 4.9 MEDIUM | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. | |||||
CVE-2017-6458 | 4 Apple, Hpe, Ntp and 1 more | 5 Mac Os X, Hpux-ntp, Ntp and 2 more | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | |||||
CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |||||
CVE-2016-2518 | 7 Debian, Freebsd, Netapp and 4 more | 18 Debian Linux, Freebsd, Clustered Data Ontap and 15 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | |||||
CVE-2015-7978 | 1 Ntp | 1 Ntp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. | |||||
CVE-2015-8140 | 1 Ntp | 1 Ntp | 2023-12-10 | 5.8 MEDIUM | 4.8 MEDIUM |
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||||
CVE-2016-7428 | 1 Ntp | 1 Ntp | 2023-12-10 | 3.3 LOW | 4.3 MEDIUM |
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | |||||
CVE-2017-6451 | 1 Ntp | 1 Ntp | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. | |||||
CVE-2017-6455 | 1 Ntp | 1 Ntp | 2023-12-10 | 4.4 MEDIUM | 7.0 HIGH |
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | |||||
CVE-2015-8158 | 1 Ntp | 1 Ntp | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. | |||||
CVE-2015-7975 | 1 Ntp | 1 Ntp | 2023-12-10 | 2.1 LOW | 6.2 MEDIUM |
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). | |||||
CVE-2016-1548 | 1 Ntp | 1 Ntp | 2023-12-10 | 6.4 MEDIUM | 7.2 HIGH |
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched. | |||||
CVE-2016-7429 | 1 Ntp | 1 Ntp | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. | |||||
CVE-2016-9311 | 1 Ntp | 1 Ntp | 2023-12-10 | 7.1 HIGH | 5.9 MEDIUM |
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | |||||
CVE-2017-6464 | 1 Ntp | 1 Ntp | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. | |||||
CVE-2016-1550 | 1 Ntp | 1 Ntp | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. | |||||
CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | |||||
CVE-2014-9750 | 4 Debian, Ntp, Oracle and 1 more | 6 Debian Linux, Ntp, Linux and 3 more | 2023-12-10 | 5.8 MEDIUM | N/A |
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. |