CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6451 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6451
27 Mar 2017 — The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return value of the snprintf function, which allows local users to execute arbitrary code via unspecified vectors, which trigger an out-of-bounds memory write. La función mx4200_send en el refclock legado de MX4200 en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 no maneja correctamente el valor de retorno de la función snprintf, lo que permite ... • http://support.ntp.org/bin/view/Main/NtpBug3378 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6452 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6452
27 Mar 2017 — Stack-based buffer overflow in the Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via an application path on the command line. Desbordamiento de búfer basado en pila en el instalador de Windows para NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a través de una ruta de la aplicación en la línea de comandos. Additional information for the APPLE-SA-2017-... • http://support.ntp.org/bin/view/Main/NtpBug3383 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.0EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6455 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6455
27 Mar 2017 — NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPI_DLLS environment variable. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94, cuando se utiliza PPSAPI, permite a usuarios locales obtener privilegios a través de un DLL en la variable de entorno PPSAPI_DLLS Additional information for the APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 advisory has been provided that relates to Apache and various other sof... • http://support.ntp.org/bin/view/Main/NtpBug3384 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 4%CPEs: 29EXPL: 0CVE-2017-6458 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6458
27 Mar 2017 — Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. Yihan Lian discovered that NTP incorrectly handled certain large request data val... • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6459 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6459
27 Mar 2017 — The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. El instalador de Windows para NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a través de vectores relacionados con un argumento con múltiples bytes nulos. Additional information for the APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 advisory h... • http://support.ntp.org/bin/view/Main/NtpBug3382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6460 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6460
27 Mar 2017 — Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. Desbordamiento de búfer basado en pila en la función reslist en ntpq en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a servidores remotos tener un impacto no especificado a través de una variable flagstr larga en una respuesta de lista de restricciones. Yi... • http://support.ntp.org/bin/view/Main/NtpBug3377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6462 – ntp: Buffer Overflow in DPTS Clock
https://notcve.org/view.php?id=CVE-2017-6462
27 Mar 2017 — Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. Desbordamiento de búfer en el controlador refclock legado Datum Programmable Time Server (DPTS) en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a través de un dispositivo /dev/datum manipulado. A vulnerabili... • http://support.ntp.org/bin/view/Main/NtpBug3388 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 1%CPEs: 95EXPL: 0CVE-2017-6463 – ntp: Authenticated DoS via Malicious Config Option
https://notcve.org/view.php?id=CVE-2017-6463
27 Mar 2017 — NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) a través de una configuración no válida en al directiva :config, relacionado con la opción unpeer. A vulnerability was discovered in the ... • http://support.ntp.org/bin/view/Main/NtpBug3387 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 95EXPL: 0CVE-2017-6464 – ntp: Denial of Service via Malformed Config
https://notcve.org/view.php?id=CVE-2017-6464
27 Mar 2017 — NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a atacantes remotos provocar una denegación de servicio (caída ntpd) a través de una directiva de configuración de modo mal formado. A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause nt... • http://support.ntp.org/bin/view/Main/NtpBug3389 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 13%CPEs: 1EXPL: 0CVE-2016-9310 – ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
https://notcve.org/view.php?id=CVE-2016-9310
13 Jan 2017 — The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a través de un paquete de modo de control manipulado. A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information di... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •