CVSS: 4.3EPSS: 19%CPEs: 1EXPL: 0CVE-2016-7429 – ntp: Attack on interface selection
https://notcve.org/view.php?id=CVE-2016-7429
13 Jan 2017 — NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use. NTP en versiones anteriores a 4.2.8p9 cambia la estructura de los pares a la interfaz que recibe la respuesta de una fuente, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir la comunicación con una fuente... • http://nwtime.org/ntp428p9_release • CWE-18: DEPRECATED: Source Code •
CVSS: 6.5EPSS: 13%CPEs: 1EXPL: 0CVE-2016-9310 – ntp: Mode 6 unauthenticated trap information disclosure and DDoS vector
https://notcve.org/view.php?id=CVE-2016-9310
13 Jan 2017 — The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet. La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a través de un paquete de modo de control manipulado. A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information di... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 15%CPEs: 1EXPL: 0CVE-2016-7431 – Ubuntu Security Notice USN-3349-1
https://notcve.org/view.php?id=CVE-2016-7431
21 Dec 2016 — NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this vulnerability exists because of a CVE-2015-8138 regression. NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos eludir el mecanismo de protección de la marca de tiempo de origen a través de una marca de tiempo de origen de cero. NOTA: esta vulnerabilidad existe debido a una regresión de CVE-2015-8138. Yihan Lian discovered that NTP incorrectly handled certa... • http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 4%CPEs: 3EXPL: 0CVE-2016-7428 – Ubuntu Security Notice USN-3349-1
https://notcve.org/view.php?id=CVE-2016-7428
21 Dec 2016 — ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet. ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (rechazar paquetes de modo de difusión) a través del intervalo de encuesta en un paquete de difusión. Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause ... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 33%CPEs: 92EXPL: 0CVE-2016-7426 – ntp: Client rate limiting and server responses
https://notcve.org/view.php?id=CVE-2016-7426
21 Dec 2016 — NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. NTP en versiones anteriores a 4.2.8p9 limita la clasificación de respuestas recibidas desde las fuentes configuradas cuando la limitación de clasificación para todas las asociaciones está habilitado, lo que permite a atacantes remotos... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 4%CPEs: 3EXPL: 0CVE-2016-7427 – Ubuntu Security Notice USN-3349-1
https://notcve.org/view.php?id=CVE-2016-7427
21 Dec 2016 — The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet. La funcionalidad de prevención de repetición del modo de difusión en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (rechazar paquetes de modo de difusión) a través de un paquete de modo de difusión manipulado. Yihan Lian discovered that NTP inco... • http://nwtime.org/ntp428p9_release • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 71%CPEs: 492EXPL: 5CVE-2016-7434 – NTP 4.2.8p8 - Denial of Service
https://notcve.org/view.php?id=CVE-2016-7434
22 Nov 2016 — The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query. La función read_mru_list en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una consulta mrulist manipulada. Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service.... • https://packetstorm.news/files/id/139856 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 25%CPEs: 1EXPL: 0CVE-2015-8139 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2015-8139
21 Jul 2016 — ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. ntpq en NTP en versiones anteriores a 4.2.8p7 permite a atacantes remotos obtener timestamps de origen y luego suplantar a sus pares a través de vectores no especificados. Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-284: Improper Access Control •
CVSS: 5.8EPSS: 32%CPEs: 1EXPL: 0CVE-2015-8140 – Gentoo Linux Security Advisory 201607-15
https://notcve.org/view.php?id=CVE-2015-8140
21 Jul 2016 — The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. El protocolo ntpq en NTP en versiones anteriores a 4.2.8p7 permite a los atacantes remotos realizar ataques de repetición para rastrear la red. Multiple vulnerabilities have been found in NTP, the worst of which could lead to Denial of Service. Versions less than 4.2.8_p8 are affected. • http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 13%CPEs: 41EXPL: 0CVE-2016-4954 – HPE Security Bulletin HPESBHF03757 1
https://notcve.org/view.php?id=CVE-2016-4954
06 Jun 2016 — The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. La función process_packet en ntp_proto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (modificación de par variable) enviando paquetes falsif... • http://bugs.ntp.org/3044 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •