| Max CVSS | 5.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-8138 | 5.0 |
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
|
17-11-2021 - 22:15 | 30-01-2017 - 21:59 | |
| CVE-2015-7973 | 5.8 |
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
|
26-04-2021 - 17:42 | 30-01-2017 - 21:59 | |
| CVE-2015-7974 | 4.0 |
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
|
26-04-2021 - 17:42 | 26-01-2016 - 19:59 | |
| CVE-2015-7979 | 5.0 |
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
|
15-04-2021 - 21:15 | 30-01-2017 - 21:59 | |
| CVE-2015-8158 | 4.3 |
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. <a href="http://cwe.mitre.org/data/definitions/835
|
05-01-2018 - 02:30 | 30-01-2017 - 21:59 | |
| CVE-2015-7975 | 2.1 |
The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).
|
21-11-2017 - 02:29 | 30-01-2017 - 21:59 |