Vulnerabilities > NTP
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-30 | CVE-2016-2518 | Out-of-bounds Read vulnerability in multiple products The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. | 5.0 |
| 2017-01-30 | CVE-2016-2517 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. | 4.9 |
| 2017-01-30 | CVE-2016-2516 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. | 7.1 |
| 2017-01-30 | CVE-2015-8158 | Denial of Service vulnerability in NTP The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. network ntp | 4.3 |
| 2017-01-30 | CVE-2015-8140 | Improper Access Control vulnerability in NTP 4.2.4/4.2.7/4.2.8 The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | 5.8 |
| 2017-01-30 | CVE-2015-8139 | Improper Access Control vulnerability in NTP 4.2.4/4.2.7/4.2.8 ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. | 5.3 |
| 2017-01-30 | CVE-2015-8138 | Improper Input Validation vulnerability in NTP NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. | 5.0 |
| 2017-01-30 | CVE-2015-7979 | Data Processing Errors vulnerability in NTP NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. | 5.0 |
| 2017-01-30 | CVE-2015-7978 | Resource Exhaustion vulnerability in NTP NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. | 5.0 |
| 2017-01-30 | CVE-2015-7977 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. | 4.3 |