Vulnerabilities > NTP > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-06 | CVE-2016-1548 | Data Processing Errors vulnerability in NTP 4.2.8 An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. | 7.2 |
| 2017-01-06 | CVE-2015-7848 | Integer Overflow or Wraparound vulnerability in NTP Ntp-Dev 4.3.70 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. | 7.5 |
| 2016-07-05 | CVE-2016-4957 | NULL Pointer Dereference vulnerability in multiple products ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. | 7.5 |
| 2016-07-05 | CVE-2016-4954 | Race Condition vulnerability in multiple products The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. | 7.5 |
| 2016-07-05 | CVE-2016-4953 | Improper Authentication vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | 7.5 |
| 2016-01-26 | CVE-2015-7974 | Improper Authentication vulnerability in multiple products NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | 7.7 |