| Max CVSS | 6.8 | Min CVSS | 1.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-3405 | 5.0 |
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remot
|
13-02-2023 - 00:49 | 09-08-2017 - 16:29 | |
| CVE-2015-1798 | 1.8 |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting t
|
12-02-2023 - 23:15 | 08-04-2015 - 10:59 | |
| CVE-2014-9751 | 6.8 |
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packe
|
08-09-2021 - 17:19 | 06-10-2015 - 01:59 | |
| CVE-2014-9750 | 5.8 |
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field
|
18-06-2020 - 16:38 | 06-10-2015 - 01:59 | |
| CVE-2015-1799 | 4.3 |
The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates upon receiving certain invalid packets, which makes it easier for man-in-the-middle attackers to cause a denial
|
05-01-2018 - 02:30 | 08-04-2015 - 10:59 |