Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-01-30 CVE-2015-7331 7PK - Security Features vulnerability in Puppetlabs Mcollective-Puppet-Agent
The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument.
network
high complexity
puppetlabs CWE-254
6.6
6.6
2017-01-30 CVE-2016-2519 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NTP
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
network
high complexity
ntp CWE-119
5.9
5.9
2017-01-30 CVE-2016-2518 Out-of-bounds Read vulnerability in multiple products
The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value.
network
low complexity
ntp debian netapp oracle redhat freebsd siemens CWE-125
5.3
5.3
2017-01-30 CVE-2016-2517 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey.
network
high complexity
ntp CWE-20
5.3
5.3
2017-01-30 CVE-2016-2516 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
network
high complexity
ntp CWE-20
5.3
5.3
2017-01-30 CVE-2015-8158 Unspecified vulnerability in NTP
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
network
high complexity
ntp
5.9
5.9
2017-01-30 CVE-2015-8140 Improper Access Control vulnerability in NTP 4.2.4/4.2.7/4.2.8
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
network
high complexity
ntp CWE-284
4.8
4.8
2017-01-30 CVE-2015-8139 Improper Access Control vulnerability in NTP 4.2.4/4.2.7/4.2.8
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
network
low complexity
ntp CWE-284
5.3
5.3
2017-01-30 CVE-2015-8138 Improper Input Validation vulnerability in NTP
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
network
low complexity
ntp CWE-20
5.3
5.3
2017-01-30 CVE-2015-7977 NULL Pointer Dereference vulnerability in multiple products
ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. 		5.9
5.9