| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3405 | 5.0 |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remot
|
13-02-2023 - 00:49 | 09-08-2017 - 16:29 | |
| CVE-2020-13817 | 5.8 |
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated
|
29-03-2022 - 18:05 | 04-06-2020 - 13:15 | |
| CVE-2015-7704 | 5.0 |
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
|
17-11-2021 - 22:15 | 07-08-2017 - 20:29 | |
| CVE-2014-9296 | 5.0 |
The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which might allow remote attackers to trigger an unintended association change via crafted packets.
|
17-11-2021 - 22:15 | 20-12-2014 - 02:59 | |
| CVE-2015-8138 | 5.0 |
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
|
17-11-2021 - 22:15 | 30-01-2017 - 21:59 | |
| CVE-2016-2518 | 5.0 |
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
|
10-06-2021 - 13:15 | 30-01-2017 - 21:59 | |
| CVE-2018-12327 | 7.5 |
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whet
|
24-08-2020 - 17:37 | 20-06-2018 - 14:29 | |
| CVE-2016-9311 | 7.1 |
ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet.
|
24-01-2019 - 11:29 | 13-01-2017 - 16:59 | |
| CVE-2015-7978 | 5.0 |
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
|
18-05-2018 - 01:29 | 30-01-2017 - 21:59 | |
| CVE-2017-6464 | 4.0 |
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
|
12-04-2018 - 01:29 | 27-03-2017 - 17:59 | |
| CVE-2015-8158 | 4.3 |
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. <a href="http://cwe.mitre.org/data/definitions/835
|
05-01-2018 - 02:30 | 30-01-2017 - 21:59 |