Product:

Manager_proxy

(Suse)
Repositories https://github.com/ntp-project/ntp
#Vulnerabilities 11
Date Id Summary Products Score Patch Annotated
2017-07-21 CVE-2015-5219 The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. Ubuntu_linux, Debian_linux, Fedora, Leap, Ntp, Leap, Linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_server, Enterprise_linux_workstation, Tim_4r\-Id_dnp3_firmware, Tim_4r\-Ie_firmware, Linux_enterprise_debuginfo, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud 7.5
2016-07-05 CVE-2016-4953 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. Ntp, Leap, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud 7.5
2016-07-05 CVE-2016-4954 The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. Ntp, Leap, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud 7.5
2016-07-05 CVE-2016-4957 ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. Suse_manager, Ntp, Leap, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Manager_proxy, Openstack_cloud N/A
2016-07-05 CVE-2016-4956 ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. Suse_manager, Ntp, Leap, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Manager_proxy, Openstack_cloud N/A
2016-07-05 CVE-2016-4955 ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. Suse_manager, Ntp, Leap, Opensuse, Solaris, Linux_enterprise_desktop, Linux_enterprise_server, Manager_proxy, Openstack_cloud N/A
2017-05-03 CVE-2017-7995 Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL. Suse_linux_enterprise_point_of_sale, Suse_linux_enterprise_server, Manager, Manager_proxy, Openstack_cloud, Xen 3.8
2016-05-24 CVE-2016-0264 Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. Java_sdk, Desktop_supplementary, Enterprise_linux_desktop_supplementary, Enterprise_linux_hpc_node_supplementary, Enterprise_linux_server_supplementary, Enterprise_linux_server_supplementary_eus, Enterprise_linux_workstation_supplementary, Supplementary, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack, Suse_linux_enterprise_server 5.6
2017-01-30 CVE-2015-7976 The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. Suse_openstack_cloud, Ntp, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Manager, Manager_proxy, Suse_linux_enterprise_server 4.3
2017-07-21 CVE-2015-5300 The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). Ubuntu_linux, Debian_linux, Fedora, Ntp, Leap, Opensuse, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud, Suse_linux_enterprise_server 7.5