Vulnerabilities > NTP

DATE CVE VULNERABILITY TITLE RISK
2017-03-27 CVE-2017-6464 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive.
network
low complexity
ntp CWE-20
4.0
2017-03-27 CVE-2017-6463 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option.
network
low complexity
ntp CWE-20
4.0
2017-03-27 CVE-2017-6462 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
local
low complexity
ntp CWE-119
4.6
2017-03-27 CVE-2017-6460 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response.
network
low complexity
ntp CWE-119
6.5
2017-03-27 CVE-2017-6459 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes.
local
low complexity
ntp CWE-119
2.1
2017-03-27 CVE-2017-6458 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
network
low complexity
ntp hpe apple siemens CWE-119
8.8
2017-03-27 CVE-2017-6455 Code Injection vulnerability in NTP
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable.
local
ntp CWE-94
4.4
2017-03-27 CVE-2017-6452 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line.
local
low complexity
ntp CWE-119
4.6
2017-03-27 CVE-2017-6451 Out-of-bounds Write vulnerability in NTP
The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write.
local
low complexity
ntp CWE-787
4.6
2017-01-30 CVE-2016-2519 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
network
high complexity
ntp CWE-119
4.9