Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tuxfamily chrony vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2016-1567
chrony prior to 1.31.2 and 2.x prior to 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote malicious users to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."
Tuxfamily Chrony 2.1.1
Tuxfamily Chrony 2.1
Tuxfamily Chrony 2.2
Tuxfamily Chrony 2.0
Tuxfamily Chrony
6.5
CVSSv3
CVE-2015-1853
chrony prior to 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
Tuxfamily Chrony
6
CVSSv3
CVE-2020-14367
A flaw was found in chrony versions prior to 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic ...
Tuxfamily Chrony
Fedoraproject Fedora 32
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
1 Github repository
NA
CVE-2012-4502
Multiple integer overflows in pktlength.c in Chrony prior to 1.29 allow remote malicious users to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCES...
Tuxfamily Chrony 1.24
Tuxfamily Chrony 1.21
Tuxfamily Chrony 1.19
Tuxfamily Chrony 1.23
Tuxfamily Chrony 1.25
Tuxfamily Chrony 1.1
Tuxfamily Chrony 1.27
Tuxfamily Chrony 1.20
Tuxfamily Chrony
Tuxfamily Chrony 1.19.99.3
Tuxfamily Chrony 1.23.1
Tuxfamily Chrony 1.19.99.2
Tuxfamily Chrony 1.0
Tuxfamily Chrony 1.28
Tuxfamily Chrony 1.18
Tuxfamily Chrony 1.26
Tuxfamily Chrony 1.19.99.1
NA
CVE-2012-4503
cmdmon.c in Chrony prior to 1.29 allows remote malicious users to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to the handle_subnets_accessed function or (2) a RPY_CLIENT_ACCESSES command...
Tuxfamily Chrony 1.24
Tuxfamily Chrony 1.21
Tuxfamily Chrony 1.19
Tuxfamily Chrony 1.23
Tuxfamily Chrony 1.25
Tuxfamily Chrony 1.1
Tuxfamily Chrony 1.27
Tuxfamily Chrony 1.20
Tuxfamily Chrony
Tuxfamily Chrony 1.19.99.3
Tuxfamily Chrony 1.23.1
Tuxfamily Chrony 1.19.99.2
Tuxfamily Chrony 1.0
Tuxfamily Chrony 1.28
Tuxfamily Chrony 1.18
Tuxfamily Chrony 1.26
Tuxfamily Chrony 1.19.99.1
NA
CVE-2010-0292
The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony prior to 1.23.1, and 1.24-pre1, allows remote malicious users to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS mes...
Tuxfamily Chrony 1.19
Tuxfamily Chrony 1.20
Tuxfamily Chrony
Tuxfamily Chrony 1.19.99.3
Tuxfamily Chrony 1.19-1
Tuxfamily Chrony 1.19.99.2
Tuxfamily Chrony 1.21-pre1
Tuxfamily Chrony 1.18
Tuxfamily Chrony 1.24-pre1
Tuxfamily Chrony 1.19.99.1
Tuxfamily Chrony 1.21
NA
CVE-2010-0293
The client logging functionality in chronyd in Chrony prior to 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote malicious users to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.
Tuxfamily Chrony 1.19
Tuxfamily Chrony 1.20
Tuxfamily Chrony
Tuxfamily Chrony 1.19.99.3
Tuxfamily Chrony 1.19-1
Tuxfamily Chrony 1.19.99.2
Tuxfamily Chrony 1.21-pre1
Tuxfamily Chrony 1.18
Tuxfamily Chrony 1.24-pre1
Tuxfamily Chrony 1.19.99.1
Tuxfamily Chrony 1.21
NA
CVE-2010-0294
chronyd in Chrony prior to 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote malicious users to cause a denial of service (disk consumption) via a large number of invalid packets.
Tuxfamily Chrony 1.19
Tuxfamily Chrony 1.20
Tuxfamily Chrony
Tuxfamily Chrony 1.19.99.3
Tuxfamily Chrony 1.19-1
Tuxfamily Chrony 1.19.99.2
Tuxfamily Chrony 1.21-pre1
Tuxfamily Chrony 1.18
Tuxfamily Chrony 1.24-pre1
Tuxfamily Chrony 1.19.99.1
Tuxfamily Chrony 1.21
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started