Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntpd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-7848
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP dae...
Ntp Ntp-dev 4.3.70
8.8
CVSSv3
CVE-2015-7849
Use-after-free vulnerability in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
5.3
CVSSv3
CVE-2016-2516
NTP prior to 4.2.8p7 and 4.3.x prior to 4.3.92, when mode7 is enabled, allows remote malicious users to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive.
Ntp Ntp
Ntp Ntp 4.3.90
Ntp Ntp 4.3.91
Ntp Ntp 4.3.14
Ntp Ntp 4.3.15
Ntp Ntp 4.3.22
Ntp Ntp 4.3.23
Ntp Ntp 4.3.3
Ntp Ntp 4.3.30
Ntp Ntp 4.3.37
Ntp Ntp 4.3.38
Ntp Ntp 4.3.45
Ntp Ntp 4.3.46
Ntp Ntp 4.3.52
Ntp Ntp 4.3.53
Ntp Ntp 4.3.6
Ntp Ntp 4.3.60
Ntp Ntp 4.3.68
Ntp Ntp 4.3.69
Ntp Ntp 4.3.75
Ntp Ntp 4.3.76
Ntp Ntp 4.3.82
9.8
CVSSv3
CVE-2015-7853
The datalen parameter in the refclock driver in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to execute arbitrary code or cause a denial of service (crash) via a negative input value.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
7.5
CVSSv3
CVE-2016-4957
ntpd in NTP prior to 4.2.8p8 allows remote malicious users to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
Ntp Ntp 4.2.8
Ntp Ntp 4.3.92
Oracle Solaris 10
Oracle Solaris 11.3
Suse Manager Proxy 2.1
Suse Openstack Cloud 5
Novell Suse Manager 2.1
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
7.5
CVSSv3
CVE-2016-4953
ntpd in NTP 4.x prior to 4.2.8p8 allows remote malicious users to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
Ntp Ntp
Ntp Ntp 4.2.8
Oracle Solaris 10
Oracle Solaris 11.3
Suse Manager 2.1
Suse Manager Proxy 2.1
Suse Openstack Cloud 5
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
Siemens Simatic Net Cp 443-1 Opc Ua Firmware
Siemens Tim 4r-ie Firmware
Siemens Tim 4r-ie Dnp3 Firmware
3.7
CVSSv3
CVE-2016-1551
ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with...
Ntp Ntp 4.2.8
Ntpsec Ntpsec A5fb34b9cc89b92a8fef2f459004865c93bb7f92
1 Article
NA
CVE-2009-1252
Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP prior to 4.2.4p7 and 4.2.5 prior to 4.2.5p74, when OpenSSL and autokey are enabled, allows remote malicious users to execute arbitrary code via a crafted packet containing an extension field.
Ntp Ntp 4.2.4p1
Ntp Ntp 4.2.4p2
Ntp Ntp 4.2.5p2
Ntp Ntp 4.2.5p3
Ntp Ntp 4.2.5p10
Ntp Ntp 4.2.5p11
Ntp Ntp 4.2.5p19
Ntp Ntp 4.2.5p20
Ntp Ntp 4.2.5p28
Ntp Ntp 4.2.5p29
Ntp Ntp 4.2.5p37
Ntp Ntp 4.2.5p38
Ntp Ntp 4.2.5p39
Ntp Ntp 4.2.5p46
Ntp Ntp 4.2.5p47
Ntp Ntp 4.2.5p54
Ntp Ntp 4.2.5p55
Ntp Ntp 4.2.5p63
Ntp Ntp 4.2.5p62
Ntp Ntp 4.2.5p64
Ntp Ntp 4.2.5p71
Ntp Ntp 4.2.5p73
7.5
CVSSv3
CVE-2016-4954
The process_packet function in ntp_proto.c in ntpd in NTP 4.x prior to 4.2.8p8 allows remote malicious users to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an ...
Ntp Ntp 4.2.8
Ntp Ntp
Oracle Solaris 11.3
Oracle Solaris 10
Suse Linux Enterprise Server 11
Suse Openstack Cloud 5
Suse Manager Proxy 2.1
Suse Manager 2.1
Suse Linux Enterprise Server 12
Suse Linux Enterprise Desktop 12
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Siemens Simatic Net Cp 443-1 Opc Ua Firmware
Siemens Tim 4r-ie Firmware
Siemens Tim 4r-ie Dnp3 Firmware
5.9
CVSSv3
CVE-2016-4955
ntpd in NTP 4.x prior to 4.2.8p8, when autokey is enabled, allows remote malicious users to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time.
Ntp Ntp 4.2.8
Ntp Ntp
Oracle Solaris 11.3
Oracle Solaris 10
Novell Suse Manager 2.1
Suse Linux Enterprise Server 11
Suse Openstack Cloud 5
Suse Manager Proxy 2.1
Suse Linux Enterprise Server 12
Suse Linux Enterprise Desktop 12
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Siemens Simatic Net Cp 443-1 Opc Ua Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »