Vulnerabilities > NTP > NTP > 4.3.35
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-6460 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. | 6.5 |
| 2017-03-27 | CVE-2017-6459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. | 2.1 |
| 2017-03-27 | CVE-2017-6458 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | 8.8 |
| 2017-03-27 | CVE-2017-6455 | Code Injection vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | 4.4 |
| 2017-03-27 | CVE-2017-6452 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | 4.6 |
| 2017-03-27 | CVE-2017-6451 | Out-of-bounds Write vulnerability in NTP The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. | 4.6 |
| 2017-01-30 | CVE-2016-2519 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. | 4.9 |
| 2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | 5.0 |
| 2017-01-30 | CVE-2016-2517 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. | 4.9 |
| 2017-01-30 | CVE-2016-2516 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. | 7.1 |