Mt8-emui4.1,nts-al00 Security Vulnerabilities
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
7.2AI Score
0.0004EPSS
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
7.5CVSS
7AI Score
0.0004EPSS
Unlimited number of NTS-KE connections can crash ntpd-rs server
Summary Missing limit for accepted NTS-KE connections allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such as the default ntpd-rs configuration, are unaffected. Details Operating systems have a limit for the number...
7.5CVSS
7AI Score
0.0004EPSS
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
7.2AI Score
0.0004EPSS
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
0.0004EPSS
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
7.6AI Score
0.0004EPSS
CVE-2024-38528 Unlimited number of NTS-KE connections can crash ntpd-rs server
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such...
7.5CVSS
0.0004EPSS
Fedora: Security Advisory for ntpd-rs (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for...
7.5AI Score
[SECURITY] Fedora 39 Update: ntpd-rs-1.1.2-2.fc39
Full-featured implementation of NTP with NTS...
7.3AI Score
Fedora: Security Advisory for ntpd-rs (FEDORA-2024-ce2936b568)
The remote host is missing an update for...
7.5AI Score
[SECURITY] Fedora 40 Update: ntpd-rs-1.1.2-2.fc40
Full-featured implementation of NTP with NTS...
7.3AI Score
7.5CVSS
7.4AI Score
0.0005EPSS
5.5CVSS
5.5AI Score
0.001EPSS
ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...
6.9AI Score
ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...
6.9AI Score
Fedora 38 : ntpsec (2023-26cbce3854)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-26cbce3854 advisory. ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). (CVE-2023-4012) Note that...
7.5CVSS
6.6AI Score
0.0005EPSS
Fedora 37 : ntpsec (2023-9fa8f29bb7)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-9fa8f29bb7 advisory. ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). (CVE-2023-4012) Note that...
7.5CVSS
6.6AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
7.2AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
7.6AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
7.6AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
6.4AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
7.4AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
7.4AI Score
0.0005EPSS
CVE-2023-4012 Incomplete Internal State Distinction in ntpsec
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode...
7.5CVSS
7.8AI Score
0.0005EPSS
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). Bugs ...
7.5CVSS
6.4AI Score
0.0005EPSS
7.5CVSS
7.6AI Score
0.0005EPSS
NPTD is vulnerable to Denial Of Service (DoS). The vulnerability is due when the server is not NTS-enabled (no certificate), an attacker can submit a NTS-enabled client request, resulting in a server...
7.5CVSS
6.7AI Score
0.0005EPSS
[SECURITY] [DSA 5466-1] ntpsec security update
Debian Security Advisory DSA-5466-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 04, 2023 https://www.debian.org/security/faq Package : ntpsec CVE ID : CVE-2023-4012 Debian Bug :...
7.5CVSS
6.3AI Score
0.0005EPSS
Debian DSA-5466-1 : ntpsec - security update
The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5466 advisory. ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). (CVE-2023-4012) Note that Nessus has not...
7.5CVSS
7.2AI Score
0.0005EPSS
nts-info.com Cross Site Scripting vulnerability OBB-3365618
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes.....
7.5CVSS
7.5AI Score
0.001EPSS
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes.....
7.5CVSS
7.5AI Score
0.001EPSS
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes.....
7.5CVSS
7AI Score
0.001EPSS
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes.....
7.5CVSS
7.5AI Score
0.001EPSS
CVE-2023-33192 Improper handling of NTS cookie length that could crash the ntpd-rs server
ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes.....
7.5CVSS
7.7AI Score
0.001EPSS
Improper handling of NTS cookie length that could crash the ntpd-rs server
Impact ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS...
7.5CVSS
6.2AI Score
0.001EPSS
Improper handling of NTS cookie length that could crash the ntpd-rs server
Impact ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS...
7.5CVSS
6.2AI Score
0.001EPSS
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...
5.5CVSS
5.7AI Score
0.0004EPSS
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...
5.5CVSS
5.6AI Score
0.0004EPSS
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...
5.5CVSS
5.6AI Score
0.0004EPSS
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to...
5.9AI Score
0.0004EPSS
The Huawei Children Smart Watch (Simba-AL00) has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail.(Vulnerability ID:HWPSIRT-2022-18770) This vulnerability has been assigned a (CVE).....
5.5CVSS
5.7AI Score
0.0004EPSS
nts-transportsysteme.de Cross Site Scripting vulnerability OBB-2707275
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224)
TL;DR Galleon Systems’ GPS NTP time server had a command injection vulnerability in the firmware of their NTS GPS device which could allow total control of the device through the web management interface. The vulnerability - CVE-2022-27224...
7.2CVSS
0.4AI Score
0.019EPSS
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and....
7.2CVSS
0.019EPSS
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and....
7.2CVSS
7.2AI Score
0.019EPSS
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and....
7.2CVSS
7.2AI Score
0.019EPSS
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and....
7.5AI Score
0.019EPSS
openSUSE: Security Advisory for chrony (openSUSE-SU-2022:0845-1)
The remote host is missing an update for...
6CVSS
6AI Score
0.0004EPSS
6CVSS
6AI Score
0.0004EPSS