Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ntp
(Ntp)| Repositories | https://github.com/ntp-project/ntp |
| #Vulnerabilities | 98 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-08-09 | CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | Debian_linux, Fedora, Ntp, Suse_linux_enterprise_server, Suse_linux_enterprise_desktop, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_from_rhui_6, Enterprise_linux_workstation, Suse_linux_enterprise_server | 7.5 | ||
| 2020-04-17 | CVE-2020-11868 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. | Debian_linux, All_flash_fabric\-Attached_storage_8300_firmware, All_flash_fabric\-Attached_storage_8700_firmware, All_flash_fabric\-Attached_storage_a400_firmware, Clustered_data_ontap, Data_ontap, Fabric\-Attached_storage_8300_firmware, Fabric\-Attached_storage_8700_firmware, Fabric\-Attached_storage_a400_firmware, Hci_management_node, Hci_storage_node_firmware, Solidfire, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Ntp, Leap, Enterprise_linux | 7.5 | ||
| 2020-06-04 | CVE-2020-13817 | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. | M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Cloud_backup, Clustered_data_ontap, Data_ontap, Element_software, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Hci_compute_node_firmware, Hci_management_node, Ontap_tools, Solidfire, Steelstore_cloud_integrated_storage, Ntp, Leap | 7.4 | ||
| 2017-01-30 | CVE-2015-7977 | ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | Ubuntu_linux, Debian_linux, Fedora, Freebsd, Clustered_data_ontap, Oncommand_balance, Ntp, Linux, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware | 5.9 | ||
| 2017-08-07 | CVE-2015-7704 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | Xenserver, Debian_linux, Enterprise_security_manager, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation | 7.5 | ||
| 2017-08-07 | CVE-2015-7705 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | Xenserver, Clustered_data_ontap, Data_ontap, Oncommand_performance_manager, Oncommand_unified_manager, Ntp, Tim_4r\-Ie_dnp3_firmware, Tim_4r\-Ie_firmware | 9.8 | ||
| 2017-01-30 | CVE-2015-8138 | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. | Ntp | 5.3 | ||
| 2014-12-20 | CVE-2014-9293 | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | Ntp | N/A | ||
| 2014-12-20 | CVE-2014-9295 | Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to (1) the crypto_recv function when the Autokey Authentication feature is used, (2) the ctl_putdata function, and (3) the configure function. | Ntp | N/A | ||
| 2014-12-20 | CVE-2014-9294 | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. | Ntp | N/A |