4.3.79

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-30	CVE-2015-7976	7PK - Security Features vulnerability in multiple products The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. network low complexity ntp suse novell opensuse CWE-254	4.0
2017-01-30	CVE-2015-7975	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). local low complexity ntp CWE-119	2.1
2017-01-30	CVE-2015-7973	7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. network ntp siemens freebsd netapp canonical CWE-254	5.8
2017-01-13	CVE-2016-7434	Improper Input Validation vulnerability in NTP 4.2.8/4.2.7 The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. network low complexity ntp hpe CWE-20	4.3
2017-01-13	CVE-2016-7426	Resource Exhaustion vulnerability in NTP 4.2.5/4.2.6/4.2.7 NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. network ntp canonical redhat hpe CWE-400	4.3
2016-07-05	CVE-2016-4956	ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. network low complexity ntp oracle novell suse opensuse siemens	5.3
2016-07-05	CVE-2016-4955	Race Condition vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. network high complexity ntp oracle novell suse opensuse siemens CWE-362	5.9
2016-07-05	CVE-2016-4954	Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. network low complexity ntp oracle suse opensuse siemens CWE-362	7.5
2016-07-05	CVE-2016-4953	Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. network low complexity ntp oracle suse opensuse siemens CWE-287	5.0
2016-01-26	CVE-2015-7974	Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." network low complexity ntp siemens netapp debian CWE-287	4.0