Vulnerabilities > HPE > Hpux NTP > c.4.2.8.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-15 | CVE-2019-8936 | NULL Pointer Dereference vulnerability in multiple products NTP through 4.2.8p12 has a NULL Pointer Dereference. | 7.5 |
| 2018-06-04 | CVE-2016-9042 | Improper Input Validation vulnerability in multiple products An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. | 5.9 |
| 2018-03-06 | CVE-2018-7185 | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. | 5.0 |
| 2018-03-06 | CVE-2018-7170 | Unspecified vulnerability in NTP ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. | 3.5 |
| 2017-03-27 | CVE-2017-6458 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | 8.8 |
| 2017-01-13 | CVE-2016-7434 | Improper Input Validation vulnerability in NTP 4.2.8/4.2.7 The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. | 4.3 |
| 2017-01-13 | CVE-2016-7426 | Resource Exhaustion vulnerability in NTP 4.2.5/4.2.6/4.2.7 NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | 4.3 |