Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ntpd vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-33192
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The se...
Tweedegolf Ntpd-rs
NA
CVE-2005-2496
The xntpd ntp (ntpd) daemon prior to 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
Dave Mills Ntpd
NA
CVE-2001-0414
Buffer overflow in ntpd ntp daemon 4.0.99k and previous versions (aka xntpd and xntp3) allows remote malicious users to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
Dave Mills Ntpd 4.0.99b
Dave Mills Ntpd 4.0.99c
Dave Mills Xntp3 5.93
Dave Mills Xntp3 5.93a
Dave Mills Ntpd 4.0.99
Dave Mills Ntpd 4.0.99a
Dave Mills Ntpd 4.0.99h
Dave Mills Ntpd 4.0.99i
Dave Mills Ntpd 4.0.99j
Dave Mills Ntpd
Dave Mills Ntpd 4.0.99f
Dave Mills Ntpd 4.0.99g
Dave Mills Xntp3 5.93d
Dave Mills Xntp3 5.93e
Dave Mills Ntpd 4.0.99d
Dave Mills Ntpd 4.0.99e
Dave Mills Xntp3 5.93b
Dave Mills Xntp3 5.93c
3 EDB exploits
7.5
CVSSv3
CVE-2018-7182
The ctl_getitem method in ntpd in ntp-4.2.8p6 prior to 4.2.8p11 allows remote malicious users to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 up to and including 4.2.8p10.
Ntp Ntp 4.2.8
Canonical Ubuntu Linux 17.10
Canonical Ubuntu Linux 18.04
Netapp Element Software -
1 EDB exploit
5.3
CVSSv3
CVE-2016-2517
NTP prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows remote malicious users to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, contr...
Ntp Ntp
Ntp Ntp 4.3.10
Ntp Ntp 4.3.11
Ntp Ntp 4.3.18
Ntp Ntp 4.3.19
Ntp Ntp 4.3.25
Ntp Ntp 4.3.26
Ntp Ntp 4.3.33
Ntp Ntp 4.3.34
Ntp Ntp 4.3.40
Ntp Ntp 4.3.41
Ntp Ntp 4.3.48
Ntp Ntp 4.3.49
Ntp Ntp 4.3.5
Ntp Ntp 4.3.56
Ntp Ntp 4.3.57
Ntp Ntp 4.3.63
Ntp Ntp 4.3.64
Ntp Ntp 4.3.71
Ntp Ntp 4.3.72
Ntp Ntp 4.3.79
Ntp Ntp 4.3.8
9.8
CVSSv3
CVE-2015-7705
The rate limiting feature in NTP 4.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77 allows remote malicious users to have unspecified impact via a large number of crafted requests.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
Citrix Xenserver 6.0.2
Citrix Xenserver 6.2.0
Citrix Xenserver 6.5
Citrix Xenserver 7.0
Siemens Tim 4r-ie Firmware
Siemens Tim 4r-ie Dnp3 Firmware
6.5
CVSSv3
CVE-2015-7851
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP prior to 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite ...
Ntp Ntp
Ntp Ntp 4.2.8
5.9
CVSSv3
CVE-2016-2519
ntpd in NTP prior to 4.2.8p7 and 4.3.x prior to 4.3.92 allows remote malicious users to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value.
Ntp Ntp
Ntp Ntp 4.3.11
Ntp Ntp 4.3.12
Ntp Ntp 4.3.19
Ntp Ntp 4.3.2
Ntp Ntp 4.3.27
Ntp Ntp 4.3.28
Ntp Ntp 4.3.34
Ntp Ntp 4.3.35
Ntp Ntp 4.3.41
Ntp Ntp 4.3.42
Ntp Ntp 4.3.5
Ntp Ntp 4.3.50
Ntp Ntp 4.3.57
Ntp Ntp 4.3.58
Ntp Ntp 4.3.64
Ntp Ntp 4.3.65
Ntp Ntp 4.3.72
Ntp Ntp 4.3.73
Ntp Ntp 4.3.8
Ntp Ntp 4.3.80
Ntp Ntp 4.3.87
7.5
CVSSv3
CVE-2016-9312
ntpd in NTP prior to 4.2.8p9, when running on Windows, allows remote malicious users to cause a denial of service via a large UDP packet.
Ntp Ntp
8.8
CVSSv3
CVE-2015-7854
Buffer overflow in the password management functionality in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
Ntp Ntp
Ntp Ntp 4.2.8
Netapp Oncommand Balance -
Netapp Oncommand Performance Manager -
Netapp Oncommand Unified Manager -
Netapp Clustered Data Ontap -
Netapp Data Ontap -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »