CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

7.5CVSS7.2AI score0.12144EPSS

Exploits0References4

Tenable Nessus•added 2023/11/15 12:0 a.m.•27 views

Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7702)

6.5CVSS7AI score0.01669EPSS

Exploits0References4

F5 Networks•added 2023/02/21 7:28 p.m.•60 views

K16392: NTP vulnerability CVE-2014-9750

Security Advisory Description The vallen packet value is not validated in several code paths in ntpcrypto.c which can lead to information leakage or a possible crash of ntpd. CVE-2014-9750 Note : The original candidate number referenced in this article, CVE-2014-9297, was rejected because it was...

5.8CVSS7.3AI score0.04426EPSS

Exploits0Affected Software19

F5 Networks•added 2023/02/21 6:46 p.m.•110 views

K03331206: NTP vulnerability CVE-2016-4955

Security Advisory Description ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service peer-variable clearing and association outage by sending 1 a spoofed crypto-NAK packet or 2 a packet with an incorrect MAC value at a certain time...

5.9CVSS6.4AI score0.01749EPSS

Exploits0Affected Software24

SUSE CVE•added 2023/02/15 6:4 a.m.•1 views

SUSE CVE-2009-1252

Stack-based buffer overflow in the cryptorecv function in ntpcrypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenSSL and autokey are enabled, allows remote attackers to execute arbitrary code via a crafted packet containing an extension field...

6.8CVSS8.3AI score0.70247EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 5:25 a.m.•2 views

SUSE CVE-2014-9295

Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, related to 1 the cryptorecv function when the Autokey Authentication feature is used, 2 the ctlputdata function, and 3 the configure function...

7.5CVSS9.6AI score0.57272EPSS

Exploits1References15

SUSE CVE•added 2023/02/15 5:24 a.m.•1 views

SUSE CVE-2014-9750

ntpcrypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service daemon crash via a packet containing an extension field with an invalid value for the length of its value...

5.8CVSS6.8AI score0.04426EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 5:13 a.m.•0 views

SUSE CVE-2015-7691

The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

7.5CVSS8AI score0.12144EPSS

Exploits0References12

SUSE CVE•added 2023/02/15 5:2 a.m.•1 views

SUSE CVE-2016-4955

ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service peer-variable clearing and association outage by sending 1 a spoofed crypto-NAK packet or 2 a packet with an incorrect MAC value at a certain time...

5.9CVSS7.5AI score0.01749EPSS

Exploits0References12