High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-05-15	CVE-2019-8936	NULL Pointer Dereference vulnerability in multiple products NTP through 4.2.8p12 has a NULL Pointer Dereference. network low complexity netapp fedoraproject opensuse hpe ntp CWE-476	7.5
2019-04-18	CVE-2019-11331	Unspecified vulnerability in NTP Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks. network high complexity ntp	8.1
2018-06-20	CVE-2018-12327	Out-of-bounds Write vulnerability in NTP 4.2.8 Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. network low complexity ntp CWE-787	7.5
2018-03-08	CVE-2018-7183	Out-of-bounds Write vulnerability in multiple products Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. network low complexity ntp freebsd canonical netapp CWE-787	7.5
2017-08-09	CVE-2015-3405	Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. network low complexity ntp debian suse opensuse-project opensuse fedoraproject redhat CWE-331	7.5
2017-08-07	CVE-2015-7871	Improper Authentication vulnerability in multiple products Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. network low complexity ntp debian netapp CWE-287	7.5
2017-08-07	CVE-2015-7853	Classic Buffer Overflow vulnerability in multiple products The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value. network low complexity ntp netapp CWE-120	7.5
2017-08-07	CVE-2015-7705	Improper Input Validation vulnerability in multiple products The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. network low complexity ntp netapp citrix siemens CWE-20	7.5
2017-07-21	CVE-2015-5219	Incorrect Type Conversion or Cast vulnerability in multiple products The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet. network low complexity fedoraproject suse redhat debian canonical ntp novell opensuse siemens oracle CWE-704	7.5
2017-07-21	CVE-2015-5195	Improper Input Validation vulnerability in multiple products ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation. network low complexity fedoraproject redhat debian canonical ntp CWE-20	7.5