Vulnerabilities > NTP

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-26551 Out-of-bounds Write vulnerability in NTP 4.2.8
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop.
network
high complexity
ntp CWE-787
5.6
2023-04-11 CVE-2023-26552 Out-of-bounds Write vulnerability in NTP 4.2.8
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.
network
high complexity
ntp CWE-787
5.6
2023-04-11 CVE-2023-26553 Out-of-bounds Write vulnerability in NTP 4.2.8
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number.
network
high complexity
ntp CWE-787
5.6
2023-04-11 CVE-2023-26554 Out-of-bounds Write vulnerability in NTP 4.2.8
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character.
network
high complexity
ntp CWE-787
5.6
2023-04-11 CVE-2023-26555 Out-of-bounds Write vulnerability in NTP 4.2.8
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write.
high complexity
ntp CWE-787
6.4
2020-06-24 CVE-2020-15025 Memory Leak vulnerability in multiple products
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file.
network
low complexity
ntp opensuse netapp oracle CWE-401
4.9
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
network
high complexity
ntp netapp opensuse fujitsu CWE-330
7.4
2020-05-06 CVE-2018-8956 Improper Input Validation vulnerability in NTP 4.2.8
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets.
network
low complexity
ntp CWE-20
5.3
2020-04-17 CVE-2020-11868 Origin Validation Error vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp.
network
low complexity
ntp redhat netapp debian opensuse CWE-346
7.5
2020-01-28 CVE-2015-7851 Path Traversal vulnerability in NTP
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
network
low complexity
ntp CWE-22
6.5