CLSA-2024-1735122554 ntp: Fix of CVE-2020-13817

CVE-2020-13817: randomize transmit timestamp in client requests...

Brocade Fabric OS (8.2.3x Release) Vulnerability Disclosures

Brocade Security Advisories==================================================Previously disclosed Brocade Security Advisories in 8.2.3x releases CVEs addressed in FOS v8.2.3e1 CVE-2024-5461 Command or parameter injection via unique embedded switch SNMP commands PSIRT Risk:...

Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26551]

Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26551 Vulnerability Details CVEID:CVE-2023-26551 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...

Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26554]

Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26554 Vulnerability Details CVEID:CVE-2023-26554 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...

Security Bulletin: Vulnerability in Network Time Protocol (NTP) affects IBM Integrated Analytics System [CVE-2023-26552]

Summary Redhat provided Network Time Protocol NTP is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-26552 Vulnerability Details CVEID:CVE-2023-26552 DESCRIPTION: NTP is vulnerable to a denial of service, caused by an out-of-bound...

PTZOptics PT30X-SDI/NDI-xx 安全漏洞

PTZOptics PT30X-SDI/NDI-xx is a series of HD cameras from PTZOptics. A security vulnerability exists in PTZOptics PT30X-SDI/NDI-xx versions prior to 6.3.40, which stems from insufficient validation of the ntpaddr configuration value. An attacker could use this vulnerability to execute arbitrary...

PT-2024-38056 · F Logic · F-Logic Datacube3

Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically in the file /admin/config time sync.php. The manipulation of the ntp server argument leads to os command...

SUSE CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such ...

ROS-20240704-09

Vulnerability of the chronyd daemon implementation of Network Time Protocol NTP Chrony is related to incorrect reference definition before accessing a file in /var/run/chrony directory. Exploitation the vulnerability could allow an attacker to cause a denial of service by using a specially crafte...

UBUNTU-CVE-2024-38528

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such ...

PT-2024-3691 · Totolink · Totolink Cp450

Name of the Vulnerable Software and Affected Versions: TOTOLINK CP450 versions 4.1.0cu.747 B20191224 Description: The issue is related to the NTPSyncWithHost function of the Request Handler component in the TOTOLINK CP450 router's firmware, which fails to properly sanitize data at the management...

TRENDnet TEW-815DAP 安全漏洞

The TRENDnet TEW-815DAP is a wireless access point from Trendnet, Inc. A security vulnerability exists in TRENDnet TEW-815DAP version 1.0.2. that originates from an easy command injection attack via the dosetNTP function...

Multiple NTP vulnerabilities resolved (CVE-2023-26551, CVE-2023-26552, CVE-2023-26553, CVE-2023-26554, CVE-2023-26555)

CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. Base Score: 5.6 MEDIUM Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2023-26552 mstolfp in...

TRENDnet TEW-824DRU Command Injection Vulnerability

The TRENDnet TEW-824DRU is a dual-band wireless router from Trendnet. A command injection vulnerability exists in the TRENDnet TEW-824DRU version 1.04b01, which stems from the system.ntp.server in the sub420AE0 function being susceptible to a command injection attack...

Medium: ntp

Issue Overview: mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. CVE-2023-26551 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. CVE-2023-26552 mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an...

CVE-2023-51023

TOTOlink EX1800T v9.1.0cu.2112B20220316 is vulnerable to arbitrary command execution in the ‘hosttime’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi...

TOTOLINK EX1800T 安全漏洞

The TOTOLINK EX1800T is a Wi-Fi range extender from China's Gion Electronics TOTOLINK. A command execution vulnerability exists in the TOTOLINK EX1800T setNtpCfg interface. The vulnerability stems from the failure of the tz parameter of the setNtpCfg interface of cstecgi .cgi to properly filter...

Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in Network Time Protocol (NTP)

Summary The following vulnerabilities in Network Time Protocol NTP have been addressed by IBM Flex System Chassis Management Module CMM. Vulnerability Details CVEID: CVE-2020-11868 DESCRIPTION: NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet wit...

PT-2023-30777 · Microsoft · Azure Rtos Netx Duo

Name of the Vulnerable Software and Affected Versions: Azure RTOS NetX Duo versions prior to 6.3.0 Description: The issue affects Azure RTOS NetX Duo, a TCP/IP network stack for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow...

PT-2023-35597 · Pcpp · Pcpp

Name of the Vulnerable Software and Affected Versions: pcpp affected versions not specified Description: The issue is related to a stack-buffer-overflow read error. It occurs in the getReferenceIdentifierString function within the NtpLayer of the pcpp library, which is called by the...