Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntp ntp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-33192
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The se...
Tweedegolf Ntpd-rs
7.5
CVSSv3
CVE-2014-7255
Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 up to and including 4.62, SEIL/X2 2.50 up to and including 4.62, SEIL/B1 2.50 up to and including 4.62, and SEIL/x86 Fuji 1.70 up to and including 3.22 allow remote malicious users to cause a denial of service (CPU a...
Iij Seil B1 Firmware
Iij Seil X2 Firmware
Iij Seil X1 Firmware
Iij Seil X86 Fuji Firmware
4.8
CVSSv3
CVE-2020-25498
Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server name in System Time and "Keyword" in URL Filter.
Beetel 777vr1 Firmware -
1 Github repository
6.1
CVSSv3
CVE-2020-35262
Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be exploited via the NTP server name in Time and date module and "Keyword" in URL Filter.
Digisol Dg-hr3400 Firmware -
1 Github repository
7.5
CVSSv3
CVE-2015-7848
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP dae...
Ntp Ntp-dev 4.3.70
9.8
CVSSv3
CVE-2020-9020
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
Iteris Vantage Velocity Firmware 2.3.1
Iteris Vantage Velocity Firmware 2.4.2
Iteris Vantage Velocity Firmware 3.0
7.4
CVSSv3
CVE-2021-22212
ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. Thi...
Ntpsec Ntpsec 1.2.0
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2018-5336
In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
Wireshark Wireshark
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2015-1853
chrony prior to 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets.
Tuxfamily Chrony
NA
CVE-2014-8651
The KDE Clock KCM policykit helper in kde-workspace prior to 4.11.14 and plasma-desktop prior to 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
Kde Plasma-desktop
Kde Kde-workspace
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »