Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-27 | CVE-2017-6462 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. | 7.8 |
| 2017-03-27 | CVE-2017-6460 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. | 8.8 |
| 2017-03-27 | CVE-2017-6458 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. | 8.8 |
| 2017-03-27 | CVE-2017-6455 | Code Injection vulnerability in NTP NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. | 7.0 |
| 2017-03-27 | CVE-2017-6452 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. | 7.8 |
| 2017-03-27 | CVE-2017-6451 | Out-of-bounds Write vulnerability in NTP The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. | 7.8 |
| 2017-03-27 | CVE-2016-9243 | HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | 7.5 |
| 2017-03-27 | CVE-2016-4912 | NULL Pointer Dereference vulnerability in Openslp 2.0.0 The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a large number of crafted packets, which triggers a memory allocation failure. | 7.5 |
| 2017-03-27 | CVE-2016-10225 | Permissions, Privileges, and Access Controls vulnerability in Allwinner Linux-3.4-Sunxi The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | 7.8 |
| 2017-03-27 | CVE-2015-8764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freeradius Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | 8.1 |