CVE-2019-8936

NTP through 4.2.8p12 has a NULL Pointer Dereference...

CVE-2018-7183

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array...

CVE-2018-7185

CVE-2018-7185 affects ntp protocol engine in ntp 4.2.6 before 4.2.8p11, where a remote attacker can send crafted packets with a zero-origin timestamp and the source IP of the other side of an interleaved association to cause the victim ntpd to reset its association, producing a denial of service....

CVE-2016-2517

NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service prevent subsequent authentication by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE:...

CVE-2015-7974

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."...

CVE-2009-0021

NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to...