Filtered by vendor Ntp
Subscriptions
Filtered by product Ntp
Subscriptions
Total
98 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-5300 | 7 Canonical, Debian, Fedoraproject and 4 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-08-06 | N/A |
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart). | ||||
CVE-2015-5219 | 10 Canonical, Debian, Fedoraproject and 7 more | 21 Ubuntu Linux, Debian Linux, Fedora and 18 more | 2024-08-06 | 7.5 High |
The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. | ||||
CVE-2015-5194 | 6 Canonical, Debian, Fedoraproject and 3 more | 14 Ubuntu Linux, Debian Linux, Fedora and 11 more | 2024-08-06 | N/A |
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands. | ||||
CVE-2015-5195 | 5 Canonical, Debian, Fedoraproject and 2 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-08-06 | N/A |
ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. | ||||
CVE-2015-5146 | 3 Debian, Fedoraproject, Ntp | 3 Debian Linux, Fedora, Ntp | 2024-08-06 | N/A |
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet. | ||||
CVE-2015-3405 | 7 Debian, Fedoraproject, Ntp and 4 more | 14 Debian Linux, Fedora, Ntp and 11 more | 2024-08-06 | N/A |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | ||||
CVE-2015-1799 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial of service (synchronization loss) by spoofing the source IP address of a peer. | ||||
CVE-2015-1798 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC. | ||||
CVE-2016-9310 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | ||||
CVE-2016-9312 | 2 Microsoft, Ntp | 2 Windows, Ntp | 2024-08-06 | N/A |
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | ||||
CVE-2016-9311 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | ||||
CVE-2016-7431 | 1 Ntp | 1 Ntp | 2024-08-06 | N/A |
NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. | ||||
CVE-2016-7434 | 2 Hpe, Ntp | 2 Hpux-ntp, Ntp | 2024-08-06 | 7.5 High |
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | ||||
CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 10 Ubuntu Linux, Hpux-ntp, Ntp and 7 more | 2024-08-06 | 7.5 High |
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | ||||
CVE-2016-7433 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | ||||
CVE-2016-7428 | 1 Ntp | 1 Ntp | 2024-08-06 | N/A |
ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | ||||
CVE-2016-7429 | 2 Ntp, Redhat | 2 Ntp, Enterprise Linux | 2024-08-06 | N/A |
NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. | ||||
CVE-2016-7427 | 1 Ntp | 1 Ntp | 2024-08-06 | N/A |
The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | ||||
CVE-2016-4956 | 6 Novell, Ntp, Opensuse and 3 more | 11 Suse Manager, Ntp, Leap and 8 more | 2024-08-06 | 5.3 Medium |
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-1548. | ||||
CVE-2016-4957 | 5 Novell, Ntp, Opensuse and 2 more | 9 Suse Manager, Ntp, Leap and 6 more | 2024-08-06 | 7.5 High |
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547. |