Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntp ntp vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2022-36786
DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router.
Dlink Dsl-224 Firmware -
9.8
CVSSv3
CVE-2022-26991
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows malicious users to execute arbitrary commands via a crafted ...
Arris Sbr-ac1900p Firmware 1.0.7-b05
Arris Sbr-ac3200p Firmware 1.0.7-b05
Arris Sbr-ac1200p Firmware 1.0.5-b05
9.8
CVSSv3
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
Iteris Vantage Velocity Firmware 2.3.1
Iteris Vantage Velocity Firmware 2.4.2
Iteris Vantage Velocity Firmware 3.0
9.8
CVSSv3
CVE-2020-9027
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
Eltex-co Ntp-2 Firmware 3.25.1.1226
Eltex-co Ntp-rg-1402g Firmware 3.25.3.32
9.8
CVSSv3
CVE-2020-9026
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.
Eltex-co Ntp-2 Firmware 3.25.1.1226
Eltex-co Ntp-rg-1402g Firmware 3.25.3.32
9.8
CVSSv3
CVE-2018-20053
An issue exists on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.
Cerner Connectivity Engine 4 Firmware
9.8
CVSSv3
CVE-2018-7183
Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 up to and including 4.2.8p10 allows remote malicious users to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array.
Ntp Ntp 4.2.8
Freebsd Freebsd 10.3
Freebsd Freebsd 11.1
Freebsd Freebsd 10.4
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Netapp Element Software -
1 Article
9.8
CVSSv3
CVE-2015-7705
The rate limiting feature in NTP 4.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77 allows remote malicious users to have unspecified impact via a large number of crafted requests.
Ntp Ntp 4.2.8
Ntp Ntp
Netapp Clustered Data Ontap -
Netapp Data Ontap -
Netapp Oncommand Unified Manager -
Netapp Oncommand Performance Manager -
Citrix Xenserver 7.0
Citrix Xenserver 6.0.2
Citrix Xenserver 6.5
Citrix Xenserver 6.2.0
Siemens Tim 4r-ie Firmware
Siemens Tim 4r-ie Dnp3 Firmware
9.8
CVSSv3
CVE-2015-7853
The datalen parameter in the refclock driver in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Ntp Ntp 4.2.8
Ntp Ntp
Netapp Oncommand Balance -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
Netapp Oncommand Unified Manager -
Netapp Oncommand Performance Manager -
9.8
CVSSv3
CVE-2015-7871
Crypto-NAK packets in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to bypass authentication.
Ntp Ntp 4.2.5
Ntp Ntp 4.2.8
Ntp Ntp
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
Netapp Oncommand Balance -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
Netapp Oncommand Unified Manager -
Netapp Oncommand Performance Manager -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »