Vulnerabilities > NTP > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-11 | CVE-2023-26551 | Out-of-bounds Write vulnerability in NTP 4.2.8 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. | 5.6 |
2023-04-11 | CVE-2023-26552 | Out-of-bounds Write vulnerability in NTP 4.2.8 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. | 5.6 |
2023-04-11 | CVE-2023-26553 | Out-of-bounds Write vulnerability in NTP 4.2.8 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. | 5.6 |
2023-04-11 | CVE-2023-26554 | Out-of-bounds Write vulnerability in NTP 4.2.8 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. | 5.6 |
2023-04-11 | CVE-2023-26555 | Out-of-bounds Write vulnerability in NTP 4.2.8 praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. | 6.4 |
2020-06-24 | CVE-2020-15025 | Memory Leak vulnerability in multiple products ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | 4.9 |
2020-05-06 | CVE-2018-8956 | Improper Input Validation vulnerability in NTP 4.2.8 ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. | 5.3 |
2020-01-28 | CVE-2015-7851 | Path Traversal vulnerability in NTP Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | 6.5 |
2020-01-08 | CVE-2014-5209 | Information Exposure vulnerability in multiple products An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. | 5.3 |
2018-06-04 | CVE-2016-9042 | Improper Input Validation vulnerability in multiple products An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. | 5.9 |