MiracleLinux 7 : chrony-2.1.1-1.0.1.el7.AXS7 (AXSA:2015-927:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-927:01 advisory. A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: chrony (UTSA-2025-990681)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990681 advisory. A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still...

SUSE SLES12 Security Update : chrony (SUSE-SU-2025:3868-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:3868-1 advisory. Security issues fixed: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root bsc1246544. Other issues...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : chrony (SUSE-SU-2025:3794-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3794-1 advisory. - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root...

EUVD-2010-0323

Malware in sbrugna...

EUVD-2015-1942

Malware in sbrugna...

EUVD-2014-0122

Malware in sbrugna...

EUVD-2012-4431

Malware in sbrugna...

EUVD-2015-1962

Malware in sbrugna...

EUVD-2010-0325

Malware in sbrugna...

EUVD-2016-2662

Malware in sbrugna...

EUVD-2012-4432

Malware in sbrugna...

SUSE CVE-2012-4503

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to 1 an invalid subnet in a RPYSUBNETSACCESSED command to the handlesubnetsaccessed function or 2 a RPYCLIENTACCESSES command to the handleclientaccesses functi...

SUSE CVE-2014-0021

Chrony before 1.29.1 has traffic amplification in cmdmon protocol...

SUSE SLED15 / SLES15 Security Update : chrony (SUSE-SU-2022:0845-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0845-1 advisory. - A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The fil...

The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol (NTP) allows a attacker to cause a service failure.

The vulnerability of the Chrony daemon in the implementation of the Network Time Protocol NTP is related to an incorrect definition of the link before accessing the file in the /var/run/chrony directory. Exploiting this vulnerability could allow a attacker to cause a service failure by using a...

Amazon Linux 2 : chrony (ALAS-2021-1575)

The version of chrony installed on the remote host is prior to 3.5.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1575 advisory. A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup...

Amazon Linux AMI : chrony (ALAS-2020-1431)

The version of chrony installed on the remote host is prior to 3.2-1.27. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1431 advisory. A flaw was found in chrony when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup...

USN-4475-1 chrony vulnerability

It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information...

PT-2020-5837 · Chrony +5 · Chrony +5

Name of the Vulnerable Software and Affected Versions: chrony versions prior to 3.5.1 Description: A flaw in chrony allows an attacker with privileged access to create a symlink with the default PID file name, pointing to any destination file in the system. This results in data loss and a denial ...