Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ntp Subscribe
Total 94 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7185 6 Canonical, Hpe, Netapp and 3 more 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more 2020-08-24 5.0 MEDIUM 7.5 HIGH
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
CVE-2018-8956 1 Ntp 1 Ntp 2020-07-19 5.0 MEDIUM 5.3 MEDIUM
ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.
CVE-2015-7851 1 Ntp 1 Ntp 2020-06-18 3.5 LOW 6.5 MEDIUM
Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.
CVE-2015-7703 5 Debian, Netapp, Ntp and 2 more 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more 2020-06-18 4.3 MEDIUM 7.5 HIGH
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
CVE-2016-7434 2 Hpe, Ntp 2 Hpux-ntp, Ntp 2020-06-18 4.3 MEDIUM 7.5 HIGH
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more 2020-06-18 4.3 MEDIUM 7.5 HIGH
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2016-4957 5 Novell, Ntp, Opensuse and 2 more 9 Suse Manager, Ntp, Leap and 6 more 2020-06-18 5.0 MEDIUM 7.5 HIGH
ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.
CVE-2015-7702 5 Debian, Netapp, Ntp and 2 more 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more 2020-06-18 4.0 MEDIUM 6.5 MEDIUM
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVE-2015-7701 5 Debian, Netapp, Ntp and 2 more 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more 2020-06-18 5.0 MEDIUM 7.5 HIGH
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-7692 5 Debian, Netapp, Ntp and 2 more 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more 2020-06-18 5.0 MEDIUM 7.5 HIGH
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVE-2015-7691 5 Debian, Netapp, Ntp and 2 more 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more 2020-06-18 5.0 MEDIUM 7.5 HIGH
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVE-2014-9750 4 Debian, Ntp, Oracle and 1 more 6 Debian Linux, Ntp, Linux and 3 more 2020-06-18 5.8 MEDIUM N/A
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVE-2004-0657 2 Hp, Ntp 2 Tru64 Unix, Ntp 2020-06-18 5.0 MEDIUM N/A
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
CVE-2015-7852 5 Debian, Netapp, Ntp and 2 more 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more 2020-06-18 4.3 MEDIUM 5.9 MEDIUM
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVE-2015-7850 3 Debian, Netapp, Ntp 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more 2020-06-18 4.0 MEDIUM 6.5 MEDIUM
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVE-2015-7849 2 Netapp, Ntp 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more 2020-06-18 6.5 MEDIUM 8.8 HIGH
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
CVE-2015-7854 2 Netapp, Ntp 6 Clustered Data Ontap, Data Ontap, Oncommand Balance and 3 more 2020-06-18 6.5 MEDIUM 8.8 HIGH
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2020-06-18 3.5 LOW 5.3 MEDIUM
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.
CVE-2014-5209 2 F5, Ntp 25 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 22 more 2020-01-24 5.0 MEDIUM 5.3 MEDIUM
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
CVE-2018-7182 3 Canonical, Netapp, Ntp 3 Ubuntu Linux, Element Software, Ntp 2019-10-31 5.0 MEDIUM 7.5 HIGH
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.