CVSS: 7.4EPSS: 0%CPEs: 79EXPL: 0CVE-2020-13817 – ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS
https://notcve.org/view.php?id=CVE-2020-13817
04 Jun 2020 — ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x versiones anteriores a 4.3.100, permite a atacantes remotos causar una denegación de servicio ... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html • CWE-330: Use of Insufficiently Random Values CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2020-11868 – ntp: DoS on client ntpd using server mode packet
https://notcve.org/view.php?id=CVE-2020-11868
17 Apr 2020 — ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a packet lacks a valid origin timestamp. ntpd en ntp versiones anteriores a 4.2.8p14 y versiones 4.3.x anteriores a 4.3.100, permite a un atacante fuera de ruta bloquear una sincronización no autenticada por medio de un paquete en modo server con una dirección IP de origen falsifica... • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00005.html • CWE-346: Origin Validation Error CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 77EXPL: 0CVE-2014-5209
https://notcve.org/view.php?id=CVE-2014-5209
08 Jan 2020 — An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information. Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial. • https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 8%CPEs: 35EXPL: 2CVE-2019-8936 – Ubuntu Security Notice USN-4563-2
https://notcve.org/view.php?id=CVE-2019-8936
08 Mar 2019 — NTP through 4.2.8p12 has a NULL Pointer Dereference. NTP hasta 4.2.8p12 tiene una desreferencia del puntero NULL. A crafted malicious authenticated mode 6 packet from a permitted network address can trigger a NULL pointer dereference. Note for this attack to work, the sending system must be on an address from which the target ntpd(8) accepts mode 6 packets, and must use a private key that is specifically listed as being used for mode 6 authorization. The ntpd daemon can crash due to the NULL pointer derefer... • https://github.com/snappyJack/CVE-2019-8936 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 31EXPL: 0CVE-2018-7170 – Slackware Security Advisory - ntp Updates
https://notcve.org/view.php?id=CVE-2018-7170
01 Mar 2018 — ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. ntpd en ntp, en versiones 4.2.x anteriores a la 4.2.8p7 y versiones 4.3.x anteriores a la 4.3.92, permite que usuarios autenticados que conozcan la clave privada simétrica creen de for... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 7.5EPSS: 15%CPEs: 63EXPL: 0CVE-2018-7185 – Ubuntu Security Notice USN-3707-2
https://notcve.org/view.php?id=CVE-2018-7185
01 Mar 2018 — The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association. El motor de protocolo en ntp, en versiones 4.2.6 anteriores a la 4.2.8p11, permite que atacantes remotos provoquen una denegación de servicio (interrupción) mediante el envío continuado de un paquete con una marc... • http://packetstormsecurity.com/files/146631/Slackware-Security-Advisory-ntp-Updates.html •
CVSS: 8.8EPSS: 4%CPEs: 29EXPL: 0CVE-2017-6458 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6458
27 Mar 2017 — Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. Yihan Lian discovered that NTP incorrectly handled certain large request data val... • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 19%CPEs: 1EXPL: 0CVE-2016-7429 – ntp: Attack on interface selection
https://notcve.org/view.php?id=CVE-2016-7429
13 Jan 2017 — NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. NTP en versiones anteriores a 4.2.8p9 cambia la estructura de los pares a la interfaz que recibe la respuesta de una fuente, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir la comunicación con una fuente... • http://nwtime.org/ntp428p9_release • CWE-18: DEPRECATED: Source Code •
CVSS: 5.3EPSS: 28%CPEs: 1EXPL: 0CVE-2016-7433 – ntp: Broken initial sync calculations regression
https://notcve.org/view.php?id=CVE-2016-7433
13 Jan 2017 — NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion." NTP en versiones anteriores a 4.2.8p9 no realiza adecuadamente los cálculos de sincronización inicial, lo que permite a atacantes remotos un impacto no especificado a través de vectores desconocidos, relacionado con una "distancia de raíz que no incluía la dispersión de pares". A flaw was fo... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html • CWE-682: Incorrect Calculation •
CVSS: 6.5EPSS: 13%CPEs: 1EXPL: 0CVE-2016-9310 – ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
https://notcve.org/view.php?id=CVE-2016-9310
13 Jan 2017 — The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a través de un paquete de modo de control manipulado. A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information di... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •