Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-20053
An issue exists on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network.
Cerner Connectivity Engine 4 Firmware
8.8
CVSSv3
CVE-2023-33013
A post-authentication command injection vulnerability in the NTP feature of Zyxel NBG6604 firmware version V1.01(ABIR.1)C0 could allow an authenticated malicious user to execute some OS commands remotely by sending a crafted HTTP request.
Zyxel Nbg6604 Firmware 1.01\\(abir.1\\)c0
8.1
CVSSv3
CVE-2018-18638
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network malicious users to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint.
Neatorobotics Botvac Connected Firmware 2.2.0
NA
CVE-2014-9576
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows remote malicious users to obtain access.
Vdgsecurity Vdg Sense 2.3.13
7.5
CVSSv3
CVE-2023-3036
An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote malicious user to trigger a panic by sending an NTSAuthenticator packet with extension lengt...
Cloudflare Cfnts
8.8
CVSSv3
CVE-2015-7849
Use-after-free vulnerability in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
8.8
CVSSv3
CVE-2015-7854
Buffer overflow in the password management functionality in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
NA
CVE-2006-3628
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote malicious users to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
Ethereal Group Ethereal 0.10.1
Ethereal Group Ethereal 0.10.10
Ethereal Group Ethereal 0.10.4
Ethereal Group Ethereal 0.10.5
Ethereal Group Ethereal 0.10.6
Wireshark Wireshark 0.10.4
Wireshark Wireshark 0.99
Ethereal Group Ethereal 0.10.11
Ethereal Group Ethereal 0.10.12
Ethereal Group Ethereal 0.10.7
Ethereal Group Ethereal 0.10.8
Wireshark Wireshark 0.99.1
Ethereal Group Ethereal 0.10.0
Ethereal Group Ethereal 0.10.0a
Ethereal Group Ethereal 0.10.2
Ethereal Group Ethereal 0.10.3
Wireshark Wireshark 0.10
Wireshark Wireshark 0.10.13
Ethereal Group Ethereal 0.10
Ethereal Group Ethereal 0.10.13
Ethereal Group Ethereal 0.10.14
Ethereal Group Ethereal 0.10.9
9.8
CVSSv3
CVE-2022-26991
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows malicious users to execute arbitrary commands via a crafted ...
Arris Sbr-ac1900p Firmware 1.0.7-b05
Arris Sbr-ac3200p Firmware 1.0.7-b05
Arris Sbr-ac1200p Firmware 1.0.5-b05
NA
CVE-2014-3309
The NTP implementation in Cisco IOS and IOS XE does not properly support use of the access-group command for a "deny all" configuration, which allows remote malicious users to bypass intended restrictions on time synchronization via a standard query, aka Bug ID CSCuj663...
Cisco Ios Xe -
Cisco Ios -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »