Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2169
Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.
1 Github repository
1 Article
NA
CVE-2024-1309
Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing.This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.
1 Article
NA
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated malicious user to execute some OS commands remotely by sending a crafted HTTP request.
Zyxel Nbg6604 Firmware 1.01\\(abir.1\\)c0
NA
CVE-2023-4012
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).
Ntpsec Ntpsec 1.2.2
NA
CVE-2023-3036
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote malicious user to trigger a panic by sending an NTSAuthenticator packet with extension lengt...
Cloudflare Cfnts
NA
CVE-2023-33192
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The se...
Tweedegolf Ntpd-rs
NA
CVE-2023-2573
Advantech EKI-1524, EKI-1522, EKI-1521 devices up to and including 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.
Advantech Eki-1521 Firmware
Advantech Eki-1522 Firmware
Advantech Eki-1524 Firmware
NA
CVE-2023-26551
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Ntp Ntp 4.2.8
NA
CVE-2023-26552
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Ntp Ntp 4.2.8
NA
CVE-2023-26553
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
Ntp Ntp 4.2.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »