Ntp

ntp

99 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Ntp

ntp

99 CVEs

CVEs (99)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-5146 3Debian FedoraprojectNtp 3Debian Linux FedoraNtp May 13, 2026 Aug 24, 2017 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a de...Show more ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.Show less
CVE-2015-3405 7Debian FedoraprojectNtp+4 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux For Ibm Z Systems+10 more May 13, 2026 Aug 9, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and...Show more ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.Show less
CVE-2015-7871 3Debian NetappNtp 7Clustered Data Ontap Data OntapDebian Linux+4 more May 13, 2026 Aug 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
CVE-2015-7855 4Debian NetappNtp+1 more 9Clustered Data Ontap Data OntapDebian Linux+6 more May 13, 2026 Aug 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
CVE-2015-7854 2Netapp Ntp 6Clustered Data Ontap Data OntapNtp+3 more May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary co...Show more Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.Show less
CVE-2015-7853 2Netapp Ntp 6Clustered Data Ontap Data OntapNtp+3 more May 13, 2026 Aug 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
CVE-2015-7852 5Debian NetappNtp+2 more 14Clustered Data Ontap Data OntapDebian Linux+11 more May 13, 2026 Aug 7, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVE-2015-7850 3Debian NetappNtp 7Clustered Data Ontap Data OntapDebian Linux+4 more May 13, 2026 Aug 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVE-2015-7849 2Netapp Ntp 6Clustered Data Ontap Data OntapNtp+3 more May 13, 2026 Aug 7, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
CVE-2015-7705 4Citrix NetappNtp+1 more 8Clustered Data Ontap Data OntapNtp+5 more May 13, 2026 Aug 7, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVE-2015-7704 6Citrix DebianMcafee+3 more 14Clustered Data Ontap Data OntapDebian Linux+11 more May 13, 2026 Aug 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVE-2015-7702 5Debian NetappNtp+2 more 13Clustered Data Ontap Data OntapDebian Linux+10 more May 13, 2026 Aug 7, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9...Show more The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.Show less
CVE-2015-7701 5Debian NetappNtp+2 more 13Clustered Data Ontap Data OntapDebian Linux+10 more May 13, 2026 Aug 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
CVE-2015-7692 5Debian NetappNtp+2 more 13Clustered Data Ontap Data OntapDebian Linux+10 more May 13, 2026 Aug 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9...Show more The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.Show less
CVE-2015-7691 5Debian NetappNtp+2 more 13Clustered Data Ontap Data OntapDebian Linux+10 more May 13, 2026 Aug 7, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This...Show more The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.Show less
CVE-2015-7703 5Debian NetappNtp+2 more 13Clustered Data Ontap Data OntapDebian Linux+10 more May 13, 2026 Jul 24, 2017 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send...Show more The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.Show less
CVE-2015-5300 7Canonical DebianFedoraproject+4 more 20Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+17 more May 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time wh...Show more The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).Show less
CVE-2015-5219 10Canonical DebianFedoraproject+7 more 18Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+15 more May 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a craft...Show more The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.Show less
CVE-2015-5195 5Canonical DebianFedoraproject+2 more 8Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+5 more May 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.
CVE-2015-5194 6Canonical DebianFedoraproject+3 more 13Debian Linux Enterprise Linux DesktopEnterprise Linux Hpc Node+10 more May 13, 2026 Jul 21, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.

Previous 123 4 5 Next