CVSS: 5.8EPSS: 3%CPEs: 1EXPL: 0CVE-2015-8140 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2015-8140
21 Jul 2016 — The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. El protocolo ntpq en NTP en versiones anteriores a 4.2.8p7 permite a los atacantes remotos realizar ataques de repetición para rastrear la red. Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-284: Improper Access Control •
CVSS: 7.1EPSS: 2%CPEs: 93EXPL: 0CVE-2016-2516 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-2516
02 May 2016 — NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92, cuando mode7 está habilitado, permite a atacantes remotos provocar una denegación de servicio (anular ntpd) usando la misma dirección IP varias veces en una directiva unconfig. Aanchal Malhotra discovered that NTP incorrectly han... • http://support.ntp.org/bin/view/Main/NtpBug3011 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 93EXPL: 0CVE-2016-2517 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2016-2517
02 May 2016 — NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos provocar una denegación de servicio (e... • http://support.ntp.org/bin/view/Main/NtpBug3010 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 125EXPL: 0CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
02 May 2016 — The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An au... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 3%CPEs: 93EXPL: 0CVE-2016-2519 – Ubuntu Security Notice USN-3349-1
https://notcve.org/view.php?id=CVE-2016-2519
02 May 2016 — ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. Ntpd en NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos causar una denegación de servicio (ntpd abort) por un gran petición de valores de datos, lo que activa la función ctl_getitem para devolver un valor NULL. Yihan Lian discovered that... • http://support.ntp.org/bin/view/Main/NtpBug3008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1547 – ntp: crypto-NAK preemptable association denial of service
https://notcve.org/view.php?id=CVE-2016-1547
02 May 2016 — An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. Un atacante fuera de ruta puede provocar que una asociación de clientes preventiva sea desmovilizada en NTP 4.2.8p4 y versiones anteriores y NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 en... • http://rhn.redhat.com/errata/RHSA-2016-1552.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 90EXPL: 0CVE-2015-8158 – ntp: potential infinite loop in ntpq
https://notcve.org/view.php?id=CVE-2015-8158
25 Feb 2016 — The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values. La función getresponse en ntpq en NTP versiones anteriores a 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.90 permite a los atacantes remotos causar una denegación de servicio (bucle infinito) a través de paquetes creados con valores incorrectos. A flaw was found in the way the ntpq client processed certain inc... • http://rhn.redhat.com/errata/RHSA-2016-2583.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.9EPSS: 6%CPEs: 91EXPL: 0CVE-2015-7977 – ntp: restriction list NULL pointer dereference
https://notcve.org/view.php?id=CVE-2015-7977
25 Feb 2016 — ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command. ntpd en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) mediante un comando ntpdc reslist. A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large a... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 26%CPEs: 90EXPL: 0CVE-2015-7978 – ntp: stack exhaustion in recursive traversal of restriction list
https://notcve.org/view.php?id=CVE-2015-7978
25 Feb 2016 — NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list. NTP en versiones anteriores a 4.2.8p6 y 4.3.0 en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (agotamiento de la pila) a través de un comando ntpdc relist, lo que desencadena el recorrido recursivo de la lista de restricciones. A stack-based buffer overflow... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html • CWE-121: Stack-based Buffer Overflow CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 39%CPEs: 90EXPL: 0CVE-2015-7979 – ntp: off-path denial of service on authenticated broadcast mode
https://notcve.org/view.php?id=CVE-2015-7979
25 Feb 2016 — NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client. NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos causar una denegación de servicio (asociación cliente-servidor) por el envío de paquetes de difusión con autenticación no válida a un cliente transmisor. It was found that when NTP was config... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html • CWE-19: Data Processing Errors CWE-20: Improper Input Validation •