Lucene search
+L

595 matches found

vulnrichment
vulnrichment
added 2024/06/28 7:28 p.m.13 views

CVE-2024-38528 Unlimited number of NTS-KE connections can crash ntpd-rs server

nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such ...

7.5CVSS7AI score0.00717EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/06/28 12:0 a.m.4 views

ntpd-rs Security Vulnerability

ntpd-rs is a tool for synchronizing computer clocks with the NTP and NTS protocols. A security vulnerability exists in ntpd-rs. A remote attacker could use this vulnerability to crash ntpd-rs while configuring the NTS-KE server...

7.5CVSS6.8AI score0.00717EPSS
Exploits0References3
openvas
openvas
added 2024/06/07 12:0 a.m.6 views

Fedora: Security Advisory for ntpd-rs (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
openvas
openvas
added 2024/05/27 12:0 a.m.6 views

Fedora: Security Advisory for ntpd-rs (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
nessus
nessus
added 2024/05/11 12:0 a.m.29 views

RHEL 6 : ntp (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks...

7.3AI score0.16351EPSS
Exploits4References15
f5
f5
added 2024/03/25 7:55 p.m.39 views

K000139026: NTP vulnerability CVE-2009-3563

Security Advisory Description ntprequest.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service CPU and bandwidth consumption by using MODEPRIVATE to send a spoofed 1 request or 2 response packet that triggers a continuous exchange of MODEPRIVATE error...

6.4CVSS7.5AI score0.32288EPSS
Exploits3
openvas
openvas
added 2024/02/20 12:0 a.m.15 views

NTPsec < 1.2.2a DoS Vulnerability

NTPsec is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntpsec:ntpsec";...

7.5CVSS7.4AI score0.00377EPSS
Exploits0References3
nessus
nessus
added 2024/01/16 12:0 a.m.24 views

EulerOS Virtualization 2.9.1 : ntp (EulerOS-SA-2023-2964)

According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack ...

6.4CVSS6.4AI score0.00703EPSS
Exploits0References6
nessus
nessus
added 2024/01/16 12:0 a.m.23 views

EulerOS Virtualization 2.9.0 : ntp (EulerOS-SA-2023-2990)

According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack ...

6.4CVSS6.4AI score0.00703EPSS
Exploits0References6
nessus
nessus
added 2024/01/16 12:0 a.m.35 views

EulerOS 2.0 SP11 : ntp (EulerOS-SA-2023-2658)

According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq...

6.4CVSS6.4AI score0.00703EPSS
Exploits0References6
nessus
nessus
added 2024/01/09 12:0 a.m.30 views

Amazon Linux 2 : ntp (ALAS-2024-2396)

The version of ntp installed on the remote host is prior to 4.2.8p15-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2396 advisory. 2024-02-15: CVE-2023-26555 was added to this advisory. mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds wri...

6.4CVSS6.5AI score0.00703EPSS
Exploits0References12
nessus
nessus
added 2023/11/15 12:0 a.m.21 views

Rockwell Automation Stratix Network Time Protocol Reference Clock Memory Corruption (CVE-2015-7853)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

9.8CVSS6.7AI score0.11781EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.28 views

Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7692)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

7.5CVSS7.2AI score0.07336EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.24 views

Rockwell Automation Stratix Denial of Service CRYPTO_ASSOC Memory Leak (CVE-2015-7701)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

7.5CVSS7.2AI score0.06519EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.39 views

Rockwell Automation Stratix Denial of Service by Spoofed Kiss-o'-Death (CVE-2015-7704)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

7.5CVSS7AI score0.1095EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.21 views

Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7691)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

7.5CVSS7.2AI score0.07103EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.29 views

Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7702)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

6.5CVSS7AI score0.05207EPSS
Exploits0References4
nessus
nessus
added 2023/11/15 12:0 a.m.31 views

Rockwell Automation Stratix Denial of Service by Priming the Pump (CVE-2015-7705)

Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...

9.8CVSS6.7AI score0.12351EPSS
Exploits0References4
github
github
added 2023/08/24 10:18 p.m.12 views

ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...

6.9AI score
Exploits0References4Affected Software1
susecve
susecve
added 2023/08/08 1:32 a.m.4 views

SUSE CVE-2023-4012

ntpd will crash if the server is not NTS-enabled no certificate and it receives an NTS-enabled client request mode 3...

7.5CVSS7AI score0.00377EPSS
Exploits0References3
Rows per page
Query Builder