Vulnerabilities > NTP > NTP > 4.3.71

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2015-7705 Improper Input Validation vulnerability in multiple products
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
network
low complexity
ntp netapp citrix siemens CWE-20
critical
 9.8
9.8
2017-08-07 CVE-2015-7704 Improper Input Validation vulnerability in multiple products
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
network
low complexity
ntp debian netapp redhat mcafee citrix CWE-20
7.5
7.5
2017-08-07 CVE-2015-7702 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
6.5
6.5
2017-08-07 CVE-2015-7701 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
network
low complexity
ntp oracle debian netapp redhat CWE-772
7.5
7.5
2017-08-07 CVE-2015-7692 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-08-07 CVE-2015-7691 Improper Input Validation vulnerability in multiple products
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-07-24 CVE-2015-7703 Improper Input Validation vulnerability in multiple products
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
network
low complexity
ntp oracle debian netapp redhat CWE-20
7.5
7.5
2017-03-27 CVE-2017-6464 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
network
low complexity
ntp CWE-20
6.5
6.5
2017-03-27 CVE-2017-6463 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
network
low complexity
ntp CWE-20
6.5
6.5
2017-03-27 CVE-2017-6462 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
local
low complexity
ntp CWE-119
7.8
7.8