Lucene search
K

15 matches found

Snyk
Snyk
added 2026/06/10 7:22 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the ValidatePodSpecSafety and ValidateContainerSafety processes. An attacker can gain elevated privileges and modify the system clock across tenant boundaries by adding CAPSYSTIME to the...

8.5CVSS5.8AI score0.00274EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-1549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earli...

6.5CVSS6.2AI score0.03147EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/10/01 12:0 a.m.19 views

Synology DiskStation Manager NTPD Victim's Clock Modification (CVE-2018-7170)

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an...

5.3CVSS6.8AI score0.02704EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 5:8 a.m.6 views

SUSE CVE-2016-1549

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock...

6.5CVSS6.8AI score0.03147EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2020/07/09 12:0 a.m.38 views

SUSE SLES12 Security Update : ntp (SUSE-SU-2020:1805-1)

This update for ntp fixes the following issues : ntp was updated to 4.2.8p15 CVE-2020-11868: Fixed an issue which a server mode packet with spoofed source address frequently send to the client ntpd could have caused denial of service bsc1169740. CVE-2018-8956: Fixed an issue which could have...

7.5CVSS6.2AI score0.04071EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2020/06/05 10:24 a.m.37 views

CVE-2020-13817

A high-performance ntpd instance that gets its time from unauthenticated IPv4 time sources may be vulnerable to an off-path attacker who can query time from the victim's ntpd instance. An attacker who can send a large number of packets with the spoofed IPv4 address of the upstream server can use...

7.4CVSS1AI score0.04071EPSS
Exploits0References4
Amazon
Amazon
added 2018/05/10 12:0 a.m.63 views

Medium: ntp

Issue Overview: Ephemeral association time spoofing additional protection ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modif...

9.8CVSS7.9AI score0.2932EPSS
Exploits8
Prion
Prion
added 2018/03/06 8:29 p.m.25 views

Code injection

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an...

3.5CVSS6AI score0.03147EPSS
Exploits1References10Affected Software7
CVE
CVE
added 2018/03/06 8:0 p.m.198 views

CVE-2018-7170

CVE-2018-7170 affects ntp’s ntpd component in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92. An authenticated attacker who knows a private symmetric key can create many ephemeral associations to win the clock selection (Sybil attack) and modify a victim’s clock. The issue arises from an incomp...

5.3CVSS6.3AI score0.02704EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2018/03/06 8:0 p.m.44 views

CVE-2018-7170

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an...

5.3CVSS7.3AI score0.02704EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/03/04 12:0 a.m.5 views

PT-2018-2021 · Ntp +5 · Ntp +5

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.6 through 4.2.8p10 Description: The issue is related to the implementation of the NTP protocol, specifically with insufficient input validation. This can be exploited by a remote attacker to cause a denial of service by sendi...

9.8CVSS6.4AI score0.2932EPSS
Exploits15References95
RedhatCVE
RedhatCVE
added 2018/02/28 7:49 p.m.29 views

CVE-2018-7170

A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock...

5.3CVSS3.1AI score0.02704EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/09/27 12:0 a.m.6 views

PT-2018-2209 · Ntp +4 · Ntp +4

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.x through 4.2.8p6 ntp versions 4.3.x through 4.3.91 Description: The issue is related to errors in key management in the ntpd implementation of the NTP protocol, allowing a remote attacker to impact the integrity of protected...

9.8CVSS6.6AI score0.52935EPSS
Exploits32References168
OSV
OSV
added 2017/01/06 9:59 p.m.4 views

DEBIAN-CVE-2016-1549

A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock...

6.5CVSS6.7AI score0.03147EPSS
Exploits1References1
CVE
CVE
added 2017/01/06 9:0 p.m.126 views

CVE-2016-1549

CVE-2016-1549 affects ntpd; a malicious authenticated peer can create arbitrarily-many ephemeral associations to win the clock selection and modify a victim’s clock. Affected versions: ntpd 4.2.8p4 and earlier. Remediation: upgrade ntp/ntpd to a fixed release (upstream fix vs. later advisories in...

6.5CVSS6AI score0.03147EPSS
Exploits1References9Affected Software1
Rows per page
Query Builder