Vulnerabilities > NTP

DATE CVE VULNERABILITY TITLE RISK
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
5.3
2017-01-30 CVE-2016-2517 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey.
network
high complexity
ntp CWE-20
5.3
5.3
2017-01-30 CVE-2016-2516 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
network
high complexity
ntp CWE-20
5.3
5.3
2017-01-30 CVE-2015-8158 Unspecified vulnerability in NTP
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
network
high complexity
ntp
5.9
5.9
2017-01-30 CVE-2015-8140 Improper Access Control vulnerability in NTP 4.2.4/4.2.7/4.2.8
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp CWE-284
4.8
4.8
2017-01-30 CVE-2015-8139 Improper Access Control vulnerability in NTP 4.2.4/4.2.7/4.2.8
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
network
low complexity
ntp CWE-284
5.3
5.3
2017-01-30 CVE-2015-8138 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
network
low complexity
ntp CWE-20
5.3
5.3
2017-01-30 CVE-2015-7979 Data Processing Errors vulnerability in NTP
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
network
low complexity
ntp CWE-19
7.5
7.5
2017-01-30 CVE-2015-7978 Resource Exhaustion vulnerability in NTP
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
network
low complexity
ntp CWE-400
7.5
7.5
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. 		5.9
5.9