Lucene search
+L

1019 matches found

OSV
OSV
added 2025/08/29 8:54 p.m.3 views

CVE-2025-58066 DoS Vulnerability in ntpd-rs

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP...

5.3CVSS6.4AI score0.00313EPSS
Exploits0References4
OSV
OSV
added 2025/08/29 8:7 p.m.3 views

GHSA-4855-Q42W-5VR4 DoS Vulnerability in ntpd-rs

Summary A denial of service vulnerability was discovered in ntpd-rs where an attacker can induce a message storm between two NTP servers running ntpd-rs. Details Since ntpd-rs version 1.2.0, when configured as a server, incorrectly responded to all NTP messages sent to the server's port with a ti...

5.3CVSS6.8AI score0.00313EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/08/29 12:0 a.m.5 views

ntpd-rs 安全漏洞

ntpd-rs is a Project Pendulum open source tool for synchronizing computer clocks with the NTP and NTS protocols. A security vulnerability exists in ntpd-rs versions 1.2.0 through 1.6.1, which stems from allowing non-NTS traffic and could lead to a denial of service attack...

5.3CVSS6.2AI score0.00313EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/29 12:0 a.m.1 views

PT-2025-35316

Name of the Vulnerable Software and Affected Versions ntpd-rs versions 1.2.0 through 1.6.1 Description ntpd-rs, a tool for synchronizing a computer's clock implementing the NTP and NTS protocols, contains a denial of service issue. When configured as a server, the software incorrectly responds to...

5.3CVSS6.4AI score0.00313EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2025/08/28 12:0 a.m.8 views

PT-2025-35134

Name of the Vulnerable Software and Affected Versions: Comfast CF-N1 version 2.6.0 Description: A flaw exists in the ntp timezone function within the /usr/bin/webmgnt file. Manipulation of the timestr argument can lead to command injection, potentially allowing for remote attacks. The exploit for...

6.5CVSS6.3AI score0.05309EPSS
Exploits1References7
NVD
NVD
added 2025/08/27 5:15 p.m.6 views

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

5CVSS0.00273EPSS
Exploits0References1
OSV
OSV
added 2025/08/27 5:15 p.m.9 views

CVE-2025-20347

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

5.4CVSS5.8AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2025/08/27 5:15 p.m.10 views

CVE-2025-20347

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

5.4CVSS0.00232EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/27 12:0 a.m.7 views

PT-2025-34898 · Cisco · Cisco Nexus Dashboard +1

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC affected versions not specified Description: A vulnerability exists in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC. Th...

5CVSS6.1AI score0.00273EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-13817

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service daemon exit or system time change by predicting transm...

7.4CVSS6.7AI score0.04071EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-2517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the...

5.3CVSS6.4AI score0.08823EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.14 views

CVE-2025-55603

Tenda AX3 V16.03.12.10CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter...

0.00384EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.8 views

PT-2025-34439 · Tenda · Tenda Ax3

Name of the Vulnerable Software and Affected Versions: Tenda AX3 version V16.03.12.10 CN Description: The Tenda AX3 Router is susceptible to a buffer overflow condition in the fromSetSysTime function through manipulation of the ntpServer parameter. Recommendations: At the moment, there is no...

9.8CVSS7.5AI score0.00384EPSS
Exploits1References5
NVD
NVD
added 2025/08/20 2:15 p.m.8 views

CVE-2025-55499

Tenda AC6 V15.03.06.23multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function...

6.5CVSS0.00246EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2025/07/23 12:0 a.m.10 views

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface allows a hacker to execute arbitrary commands.

The vulnerability of the System Time module in the D-LINK DIR-818LW router’s software management web interface is related to the lack of measures taken to neutralize special elements during the processing of the NTP Server parameter. Exploiting this vulnerability allows a remote attacker to execu...

6.5CVSS5.9AI score0.04165EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2025/07/18 12:0 a.m.6 views

D-Link DIR-818LW Command Injection Vulnerability

The D-Link DIR-818LW is a dual-band Gigabit cloud router that supports wireless standards such as IEEE 802.11ac and IEEE 802.11n, with a wireless transfer rate of up to 433Mbps, and also provides one USB 2.0 port and four Gigabit wired ports. The D-Link DIR-818LW suffers from a command injection...

7.2CVSS7.5AI score0.04165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/07/16 9:26 p.m.6 views

CVE-2025-34132

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvrbox fails to properly sanitize input, allowing remote attackers to inject and execute...

9.3CVSS6.1AI score0.01747EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/07/16 9:26 p.m.4 views

CVE-2025-34129

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...

8.7CVSS5.8AI score0.01077EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:19 a.m.5 views

CVE-2023-3036

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packe...

8.6CVSS6.9AI score0.02237EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/05/23 12:0 a.m.91 views

📄 ABB Cylon Aspect 3.08.03 Time Manipulation

ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...

7.2AI score
Exploits0
Rows per page
Query Builder