Vulnerabilities > NTP > NTP > 4.3.68

DATE CVE VULNERABILITY TITLE RISK
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
5.8
2020-01-28 CVE-2015-7851 Path Traversal vulnerability in NTP
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
network
low complexity
ntp CWE-22
3.5
2018-03-06 CVE-2018-7170 Unspecified vulnerability in NTP
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack.
3.5
2017-08-07 CVE-2015-7871 Improper Authentication vulnerability in multiple products
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
network
low complexity
ntp debian netapp CWE-287
7.5
2017-08-07 CVE-2015-7855 Improper Input Validation vulnerability in multiple products
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
network
low complexity
ntp debian netapp siemens CWE-20
4.0
2017-08-07 CVE-2015-7854 Classic Buffer Overflow vulnerability in NTP
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
network
low complexity
ntp netapp CWE-120
6.5
2017-08-07 CVE-2015-7853 Classic Buffer Overflow vulnerability in multiple products
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
network
low complexity
ntp netapp CWE-120
7.5
2017-08-07 CVE-2015-7852 Improper Input Validation vulnerability in NTP
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
4.3
2017-08-07 CVE-2015-7850 Infinite Loop vulnerability in NTP
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
network
low complexity
ntp debian netapp CWE-835
4.0
2017-08-07 CVE-2015-7849 Use After Free vulnerability in NTP
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
network
low complexity
ntp netapp CWE-416
6.5