PT-2024-30187 · Linuxptp +1 · Linuxptp +1

Name of the Vulnerable Software and Affected Versions: linuxptp versions 4.2 and earlier Description: The issue allows a remote attacker to cause a denial of service via a crafted Pdelay Req message to the time synchronization function. This can be exploited by sending a specifically crafted...

IEEE 802.1AS 安全漏洞

IEEE 802.1AS is a standard protocol of the IEEE organization. A security vulnerability exists in IEEE 802.1AS version v.4.2 and earlier. A remote attacker causes a denial of service by sending a specially crafted PdelayReq message to the time synchronization function...

F-logic DataCube3 操作系统命令注入漏洞

F-logic DataCube3 is a small measurement terminal system from F-logic Japan. An operating system command injection vulnerability exists in F-logic DataCube3 version 1.0, which originates from the parameter ntpserver via the file /admin/configtimesync.php that causes operating system command...

Provisioning Services Time Synchronization Requirements

The Provisioning Services StreamProcess becomes unresponsive when a time change occurs on the Provisioning Services Server...

CVE-2023-48315 Azure RTOS NetX Duo Remote Code Execution Vulnerability

Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to ftp and...

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 lies in the ability to inject commands into the input field of the NTP server, allowing a perpetrator to execute arbitrary code.

The vulnerability of the microprogrammed software of Advantech EKI-1524, EKI-1522, and EKI-1521 lies in the ability to inject commands into the input field of the NTP server. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted POST request...

OTP device test error "Failed to verify OTP from. Please ensure Citrix ADC is synced to NTP time"

OTP registered device test error "Failed to verify OTP. Please make sure Citrix ADC is synced to NTP time. "...

Mobatime 安全漏洞

Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in Mobatime AMXGT100 version 1.3.20 and earlier versions that stems from incorrect authorization...

Mobatime 授权问题漏洞

Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in Mobatime AMXGT100 version 1.3.20 and prior versions that stems from improper authentication...

Vulnerability of the mstolfp() function (libntp/mstolfp.c) in the ntpq monitoring program, which implements a time synchronization protocol. This vulnerability allows a perpetrator to execute arbitrary code.

The vulnerability of the mstolfp function libntp/mstolfp.c in the ntpq monitoring program, which implements the NTP time synchronization protocol, is related to writing beyond the buffer boundaries within the cpcpdec loop. Exploiting this vulnerability could allow a remote attacker to execute...

The vulnerabilities of encryption algorithms such as PKCS#1 v1.5, RSA-OEAP, and RSASVE in the OpenSSL cryptographic library allow attackers to execute the Bleichenbacher attack.

The vulnerability of encryption algorithms such as PKCS1 v1.5, RSA-OEAP, and RASSEV in the OpenSSL cryptographic library is related to the creation of a secondary synchronization channel due to time differences. Exploiting this vulnerability can allow an attacker operating remotely to execute a...

K71245322: NTP vulnerability CVE-2015-8138

Security Advisory Description NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. CVE-2015-8138 Impact An attacker may be able to disable time synchronization with the server or push...

K10600056: NTP vulnerability CVE-2015-5300

Security Advisory Description It was found that ntpd did not correctly implement the threshold limitation for the '-g' option, which is used to set the time without any restrictions. CVE-2015-5300 Impact A man-in-the-middle attacker able to intercept network time protocol NTP traffic between a...

ansible-ntp 安全漏洞

ansible-ntp is managing time synchronization, NTP servers and time zones. A security vulnerability exists in ansible-ntp that stems from insufficient control over the amount of network messages...

Security Advisory 0076

Security Advisory 0076 . CSAF PDF April 26th, 2022 Revision | Date | Changes ---|---|--- 1.0 | April 26th, 2022 | Initial release 1.1 | May 16th, 2022 | Updated hotfix information The CVE-ID tracking this issue: CVE-2021-28510 CVSSv3.1 Base Score: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L...

PT-2022-9902 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: The issue occurs when a Precision Time Protocol PTP packet with an invalid Type-Length-Value TLV is received, causing the PTP agent to restart. Repeated restarts of the service will make...

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01 allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result ...

The vulnerability of microprogrammed software in time-synchronization servers for precise timing, such as Reason RT430/RT434 GNSS Grandmaster Clock, is related to the possibility of introducing code that allows a violator to execute arbitrary code.

The vulnerability of the microprogramming software used in time-synchronized server synchronization systems like Reason RT430/RT434 GNSS Grandmaster Clock is related to the possibility of code injection. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Security Bulletin: Vulnerability in ntp (CVE-2020-11868 and CVE-2020-13817).

Summary NTP Network Time Protocol used to synchronize the time on your Power Hardware Management Console HMC with a centralized NTP server. HMC has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in...