CVSS: 8.8EPSS: 4%CPEs: 29EXPL: 0CVE-2017-6458 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6458
27 Mar 2017 — Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable. Múltiples desbordamientos de búfer en las funciones ctl_put * en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permiten a usuarios remotos autenticados tener un impacto no especificado a través de una variable larga. Yihan Lian discovered that NTP incorrectly handled certain large request data val... • http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6459 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6459
27 Mar 2017 — The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via vectors related to an argument with multiple null bytes. El instalador de Windows para NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a través de vectores relacionados con un argumento con múltiples bytes nulos. Additional information for the APPLE-SA-2017-09-25-1 macOS High Sierra 10.13 advisory h... • http://support.ntp.org/bin/view/Main/NtpBug3382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6460 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-6460
27 Mar 2017 — Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response. Desbordamiento de búfer basado en pila en la función reslist en ntpq en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a servidores remotos tener un impacto no especificado a través de una variable flagstr larga en una respuesta de lista de restricciones. Yi... • http://support.ntp.org/bin/view/Main/NtpBug3377 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 95EXPL: 0CVE-2017-6462 – ntp: Buffer Overflow in DPTS Clock
https://notcve.org/view.php?id=CVE-2017-6462
27 Mar 2017 — Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device. Desbordamiento de búfer en el controlador refclock legado Datum Programmable Time Server (DPTS) en NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios locales tener un impacto no especificado a través de un dispositivo /dev/datum manipulado. A vulnerabili... • http://support.ntp.org/bin/view/Main/NtpBug3388 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 6.5EPSS: 2%CPEs: 95EXPL: 0CVE-2017-6463 – ntp: Authenticated DoS via Malicious Config Option
https://notcve.org/view.php?id=CVE-2017-6463
27 Mar 2017 — NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a usuarios remotos autenticados provocar una denegación de servicio (caída del demonio) a través de una configuración no válida en al directiva :config, relacionado con la opción unpeer. A vulnerability was discovered in the ... • http://support.ntp.org/bin/view/Main/NtpBug3387 • CWE-20: Improper Input Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 2%CPEs: 95EXPL: 0CVE-2017-6464 – ntp: Denial of Service via Malformed Config
https://notcve.org/view.php?id=CVE-2017-6464
27 Mar 2017 — NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configuration directive. NTP en versiones anteriores a 4.2.8p10 y 4.3.x en versiones anteriores a 4.3.94 permite a atacantes remotos provocar una denegación de servicio (caída ntpd) a través de una directiva de configuración de modo mal formado. A vulnerability was discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause nt... • http://support.ntp.org/bin/view/Main/NtpBug3389 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 2EXPL: 0CVE-2016-9312
https://notcve.org/view.php?id=CVE-2016-9312
13 Jan 2017 — ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. ntpd en NTP en versiones anteriores a 4.2.8p9, cuando se ejecuta en Windows, permite a atacantes remotos provocar una denegación de servicio a través de un paquete UDP grande. • http://nwtime.org/ntp428p9_release • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 8%CPEs: 1EXPL: 0CVE-2016-9310 – ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
https://notcve.org/view.php?id=CVE-2016-9310
13 Jan 2017 — The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a través de un paquete de modo de control manipulado. A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information di... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 19%CPEs: 1EXPL: 0CVE-2016-9311 – ntp: Null pointer dereference when trap service is enabled
https://notcve.org/view.php?id=CVE-2016-9311
13 Jan 2017 — ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet. ntpd en NTP en versiones anteriores a 4.2.8p9, cuando el servicio de captura está habilitado, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un paquete manipulado. A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially craft... • http://nwtime.org/ntp428p9_release • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 28%CPEs: 1EXPL: 0CVE-2016-7429 – ntp: Attack on interface selection
https://notcve.org/view.php?id=CVE-2016-7429
13 Jan 2017 — NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. NTP en versiones anteriores a 4.2.8p9 cambia la estructura de los pares a la interfaz que recibe la respuesta de una fuente, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir la comunicación con una fuente... • http://nwtime.org/ntp428p9_release • CWE-18: DEPRECATED: Source Code •