Lucene search
K

25 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.44 views

K17515: NTP vulnerability CVE-2015-7855

Security Advisory Description The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value. CVE-2015-7855 Impact A locally authenticated user may ...

6.5CVSS6.3AI score0.31068EPSS
Exploits4Affected Software23
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.45 views

EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1222)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a...

9.8CVSS7AI score0.81762EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2018/09/20 12:0 a.m.60 views

Amazon Linux AMI : ntp (ALAS-2018-1083)

ntpd in ntp 4.2.x before 4.2.8p7 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for...

9.8CVSS7.5AI score0.29037EPSS
Exploits6References3
NVD
NVD
added 2017/08/07 8:29 p.m.28 views

CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

9.8CVSS9.6AI score0.11781EPSS
Exploits0References28
Prion
Prion
added 2017/08/07 8:29 p.m.22 views

Code injection

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file...

4CVSS6.6AI score0.04973EPSS
Exploits0References7Affected Software2
Prion
Prion
added 2017/08/07 8:29 p.m.17 views

Code injection

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets...

4.3CVSS6.9AI score0.12282EPSS
Exploits0References9Affected Software9
Prion
Prion
added 2017/08/07 8:29 p.m.22 views

Buffer overflow

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file...

6.5CVSS8.4AI score0.1456EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2017/08/07 8:29 p.m.18 views

CVE-2015-7850

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file...

6.5CVSS7.3AI score0.04973EPSS
Exploits0References7
NVD
NVD
added 2017/08/07 8:29 p.m.19 views

CVE-2015-7852

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets...

5.9CVSS7.2AI score0.12282EPSS
Exploits0References9
Prion
Prion
added 2017/08/07 8:29 p.m.21 views

Memory corruption

Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption...

5CVSS6.9AI score0.06519EPSS
Exploits0References10Affected Software9
UbuntuCve
UbuntuCve
added 2017/08/07 8:29 p.m.32 views

CVE-2015-7854

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file...

8.8CVSS7.3AI score0.1456EPSS
Exploits0References4
OSV
OSV
added 2017/08/07 8:29 p.m.6 views

CVE-2015-7854

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file...

8.8CVSS9.6AI score
Exploits0References8
Cvelist
Cvelist
added 2017/08/07 8:0 p.m.22 views

CVE-2015-7850

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file...

7.4AI score0.04973EPSS
Exploits0References7
CVE
CVE
added 2017/08/07 8:0 p.m.124 views

CVE-2015-7849

CVE-2015-7849 is a use-after-free vulnerability in ntpd (NTP) affecting 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The available connected documents describe that remote authenticated users can potentially execute arbitrary code or cause a denial of service (crash) by sending crafted NTP packe...

8.8CVSS9.1AI score0.16848EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2017/08/07 8:0 p.m.25 views

CVE-2015-7701

Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption...

8.3AI score0.06519EPSS
Exploits0References10
Cvelist
Cvelist
added 2017/08/07 8:0 p.m.24 views

CVE-2015-7852

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets...

7.2AI score0.12282EPSS
Exploits0References9
CVE
CVE
added 2017/08/07 8:0 p.m.325 views

CVE-2015-7871

CVE-2015-7871 is an authentication-bypass vulnerability in ntpd caused by handling of crypto-NAK packets. A remote, unauthenticated attacker could force ntpd to peer with attacker-controlled time sources, bypassing authentication and potentially tampering time data. Affected series include NTP 4....

9.8CVSS9.3AI score0.81762EPSS
Exploits2References10Affected Software1
Debian CVE
Debian CVE
added 2017/08/07 8:0 p.m.42 views

CVE-2015-7692

The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

7.5CVSS7.8AI score0.07336EPSS
Exploits0
Debian CVE
Debian CVE
added 2017/08/07 8:0 p.m.35 views

CVE-2015-7850

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file...

6.5CVSS6AI score0.04973EPSS
Exploits0
Cvelist
Cvelist
added 2017/01/30 9:0 p.m.32 views

CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename...

5.8AI score0.03483EPSS
Exploits0References17
Rows per page
Query Builder