Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ntp
(Ntp)Repositories | https://github.com/ntp-project/ntp |
#Vulnerabilities | 98 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-03-08 | CVE-2018-7183 | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | Ubuntu_linux, Freebsd, Element_software, Ntp | 9.8 | ||
2016-07-05 | CVE-2016-4953 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | Ntp, Leap, Opensuse, Solaris, Simatic_net_cp_443\-1_opc_ua_firmware, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud | 7.5 | ||
2017-08-07 | CVE-2015-7853 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. | Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp | 9.8 | ||
2017-01-13 | CVE-2016-7431 | NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | Ntp | 5.3 | ||
2017-01-30 | CVE-2016-2518 | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | Debian_linux, Freebsd, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager_for_clustered_data_ontap, Ntp, Communications_user_data_repository, Linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Simatic_net_cp_443\-1_opc_ua_firmware | 5.3 | ||
2017-01-30 | CVE-2015-7973 | NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | Ubuntu_linux, Freebsd, Clustered_data_ontap, Oncommand_balance, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware | 6.5 | ||
2016-01-26 | CVE-2015-7974 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | Debian_linux, Clustered_data_ontap, Oncommand_balance, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware | 7.7 | ||
2017-08-07 | CVE-2015-7855 | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value. | Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware | 6.5 | ||
2017-01-30 | CVE-2015-7979 | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. | Ntp | 7.5 | ||
2017-08-07 | CVE-2015-7871 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | Debian_linux, Clustered_data_ontap, Data_ontap, Oncommand_balance, Oncommand_performance_manager, Oncommand_unified_manager, Ntp | 9.8 |