Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated malicious user to execute some OS commands remotely by sending a crafted HTTP request.
Zyxel Nbg6604 Firmware 1.01\\(abir.1\\)c0
9.3
CVSSv2
CVE-2018-18638
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network malicious users to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
Neatorobotics Botvac Connected Firmware 2.2.0
7.5
CVSSv2
CVE-2018-20053
An issue exists on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.
Cerner Connectivity Engine 4 Firmware
5
CVSSv2
CVE-2014-9576
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote malicious users to obtain access.
Vdgsecurity Vdg Sense 2.3.13
NA
CVE-2023-3036
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote malicious user to trigger a panic by sending an NTSAuthenticator packet with extension lengt...
Cloudflare Cfnts
6.5
CVSSv2
CVE-2015-7854
Buffer overflow in the password management functionality in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
6.5
CVSSv2
CVE-2015-7849
Use-after-free vulnerability in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
7.5
CVSSv2
CVE-2022-26991
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows malicious users to execute arbitrary commands via a crafted ...
Arris Sbr-ac1900p Firmware 1.0.7-b05
Arris Sbr-ac3200p Firmware 1.0.7-b05
Arris Sbr-ac1200p Firmware 1.0.5-b05
10
CVSSv2
CVE-2006-3628
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote malicious users to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10.10
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.6
Wireshark Wireshark 0.10.4
Wireshark Wireshark 0.99
Ethereal Group Ethereal 0.10.11
Ethereal Group Ethereal 0.10.12
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.8
Wireshark Wireshark 0.99.1
Ethereal Group Ethereal 0.10.0
Ethereal Group Ethereal 0.10.0a
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.3
Wireshark Wireshark 0.10
Wireshark Wireshark 0.10.13
Ethereal Group Ethereal 0.10
Ethereal Group Ethereal 0.10.13
Ethereal Group Ethereal 0.10.14
Ethereal Group Ethereal 0.10.9
5
CVSSv2
CVE-2014-3309
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote malicious users to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj663...
Cisco Ios Xe -
Cisco Ios -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »