Lucene search
K

18 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.44 views

K17515: NTP vulnerability CVE-2015-7855

Security Advisory Description The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value. CVE-2015-7855 Impact A locally authenticated user may ...

6.5CVSS6.3AI score0.31068EPSS
Exploits4Affected Software23
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.61 views

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2019-2066)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.9AI score0.81762EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2019/04/09 12:0 a.m.45 views

EulerOS Virtualization 2.5.3 : ntp (EulerOS-SA-2019-1222)

According to the versions of the ntp packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a...

9.8CVSS7AI score0.81762EPSS
Exploits2References5
Prion
Prion
added 2017/08/09 4:29 p.m.33 views

Design/Logic Flaw

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not , which might allow remote attackers to obtain the value of generated MD5...

5CVSS6.8AI score0.05292EPSS
Exploits0References14Affected Software12
Cvelist
Cvelist
added 2017/08/09 4:0 p.m.34 views

CVE-2015-3405

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not , which might allow remote attackers to obtain the value of generated MD5...

7.3AI score0.05292EPSS
Exploits0References14
OSV
OSV
added 2017/08/07 8:29 p.m.7 views

CVE-2015-7854

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file...

8.8CVSS9.6AI score
Exploits0References8
Prion
Prion
added 2017/08/07 8:29 p.m.22 views

Buffer overflow

Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted key file...

6.5CVSS8.4AI score0.1456EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2017/08/07 8:29 p.m.18 views

Code injection

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets...

4.3CVSS6.9AI score0.12282EPSS
Exploits0References9Affected Software9
NVD
NVD
added 2017/08/07 8:29 p.m.19 views

CVE-2015-7850

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file...

6.5CVSS7.3AI score0.04973EPSS
Exploits0References7
NVD
NVD
added 2017/08/07 8:29 p.m.29 views

CVE-2015-7853

The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service crash via a negative input value...

9.8CVSS9.6AI score0.11781EPSS
Exploits0References28
CVE
CVE
added 2017/08/07 8:0 p.m.325 views

CVE-2015-7871

CVE-2015-7871 is an authentication-bypass vulnerability in ntpd caused by handling of crypto-NAK packets. A remote, unauthenticated attacker could force ntpd to peer with attacker-controlled time sources, bypassing authentication and potentially tampering time data. Affected series include NTP 4....

9.8CVSS9.3AI score0.81762EPSS
Exploits2References10Affected Software1
Cvelist
Cvelist
added 2017/08/07 8:0 p.m.25 views

CVE-2015-7701

Memory leak in the CRYPTOASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service memory consumption...

8.3AI score0.06519EPSS
Exploits0References10
Cvelist
Cvelist
added 2017/08/07 8:0 p.m.24 views

CVE-2015-7852

ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted mode 6 response packets...

7.2AI score0.12282EPSS
Exploits0References9
Cvelist
Cvelist
added 2017/08/07 8:0 p.m.24 views

CVE-2015-7850

ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service infinite loop or crash by pointing the key file at the log file...

7.4AI score0.04973EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2017/08/07 8:0 p.m.42 views

CVE-2015-7692

The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

7.5CVSS7.8AI score0.07336EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/10/22 12:0 a.m.39 views

CVE-2015-7855

The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service assertion failure via a 6 or mode 7 packet containing a long data value...

6.5CVSS6.8AI score0.31068EPSS
Exploits4References3
UbuntuCve
UbuntuCve
added 2015/10/22 12:0 a.m.30 views

CVE-2015-7691

The cryptoxmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service crash via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750...

7.5CVSS7.2AI score0.07103EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2015/10/22 12:0 a.m.30 views

CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication...

9.8CVSS6.8AI score0.81762EPSS
Exploits2References5
Rows per page
Query Builder