CVSS: 7.1EPSS: 23%CPEs: 93EXPL: 0CVE-2016-2516 – Ubuntu Security Notice USN-3096-1
https://notcve.org/view.php?id=CVE-2016-2516
02 May 2016 — NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92, cuando mode7 está habilitado, permite a atacantes remotos provocar una denegación de servicio (anular ntpd) usando la misma dirección IP varias veces en una directiva unconfig. Aanchal Malhotra discovered that NTP incorrectly han... • http://support.ntp.org/bin/view/Main/NtpBug3011 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 4%CPEs: 93EXPL: 0CVE-2016-2517 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2016-2517
02 May 2016 — NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos provocar una denegación de servicio (e... • http://support.ntp.org/bin/view/Main/NtpBug3010 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 125EXPL: 0CVE-2016-2518 – ntp: out-of-bounds references on crafted packet
https://notcve.org/view.php?id=CVE-2016-2518
02 May 2016 — The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value. La función MATCH_ASSOC en NTP en versiones anteriores 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande. An out-of-bounds access flaw was found in the way ntpd processed certain packets. An au... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 9%CPEs: 93EXPL: 0CVE-2016-2519 – Ubuntu Security Notice USN-3349-1
https://notcve.org/view.php?id=CVE-2016-2519
02 May 2016 — ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. Ntpd en NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos causar una denegación de servicio (ntpd abort) por un gran petición de valores de datos, lo que activa la función ctl_getitem para devolver un valor NULL. Yihan Lian discovered that... • http://support.ntp.org/bin/view/Main/NtpBug3008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •