Vulnerabilities > NTP > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-30 | CVE-2015-7973 | 7PK - Security Features vulnerability in multiple products NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | 6.5 |
| 2017-01-13 | CVE-2016-9311 | NULL Pointer Dereference vulnerability in NTP 4.2.4/4.2.7/4.2.8 ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. | 5.9 |
| 2017-01-13 | CVE-2016-9310 | Resource Exhaustion vulnerability in NTP 4.2.4/4.2.7/4.2.8 The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. | 6.5 |
| 2017-01-13 | CVE-2016-7433 | Incorrect Calculation vulnerability in NTP 4.2.4/4.2.7/4.2.8 NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." | 5.3 |
| 2017-01-13 | CVE-2016-7431 | Improper Input Validation vulnerability in NTP 4.2.8 NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. | 5.3 |
| 2017-01-13 | CVE-2016-7428 | Resource Exhaustion vulnerability in NTP 4.2.8 ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. | 4.3 |
| 2017-01-13 | CVE-2016-7427 | Resource Exhaustion vulnerability in NTP 4.2.8 The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. | 4.3 |
| 2017-01-06 | CVE-2016-1550 | Information Exposure vulnerability in NTP 4.2.8 An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. | 5.3 |
| 2017-01-06 | CVE-2016-1549 | Data Processing Errors vulnerability in NTP 4.2.8 A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock. | 6.5 |
| 2017-01-06 | CVE-2016-1547 | Improper Input Validation vulnerability in NTP An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. | 5.3 |