595 matches found
CVE-2024-38528 Unlimited number of NTS-KE connections can crash ntpd-rs server
nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. There is a missing limit for accepted NTS-KE connections. This allows an unauthenticated remote attacker to crash ntpd-rs when an NTS-KE server is configured. Non NTS-KE server configurations, such ...
ntpd-rs Security Vulnerability
ntpd-rs is a tool for synchronizing computer clocks with the NTP and NTS protocols. A security vulnerability exists in ntpd-rs. A remote attacker could use this vulnerability to crash ntpd-rs while configuring the NTS-KE server...
Fedora: Security Advisory for ntpd-rs (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for ntpd-rs (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : ntp (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ntp: Using port 123 for modes where a fixed port number is not required facilitates off-path attacks...
K000139026: NTP vulnerability CVE-2009-3563
Security Advisory Description ntprequest.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service CPU and bandwidth consumption by using MODEPRIVATE to send a spoofed 1 request or 2 response packet that triggers a continuous exchange of MODEPRIVATE error...
NTPsec < 1.2.2a DoS Vulnerability
NTPsec is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ntpsec:ntpsec";...
EulerOS Virtualization 2.9.1 : ntp (EulerOS-SA-2023-2964)
According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack ...
EulerOS Virtualization 2.9.0 : ntp (EulerOS-SA-2023-2990)
According to the versions of the ntp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack ...
EulerOS 2.0 SP11 : ntp (EulerOS-SA-2023-2658)
According to the versions of the ntp packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cpcpdec while loop. An adversary may be able to attack a client ntpq...
Amazon Linux 2 : ntp (ALAS-2024-2396)
The version of ntp installed on the remote host is prior to 4.2.8p15-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2396 advisory. 2024-02-15: CVE-2023-26555 was added to this advisory. mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds wri...
Rockwell Automation Stratix Network Time Protocol Reference Clock Memory Corruption (CVE-2015-7853)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7692)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Denial of Service CRYPTO_ASSOC Memory Leak (CVE-2015-7701)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Denial of Service by Spoofed Kiss-o'-Death (CVE-2015-7704)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7691)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Denial of Service AutoKey Malicious Message (CVE-2015-7702)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
Rockwell Automation Stratix Denial of Service by Priming the Pump (CVE-2015-7705)
Multiple Cisco products incorporate a version of the ntpd package. Versions of this package are affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to create a denial of service DoS condition or modify the time being advertised by a device acting as a...
ntpd has Dependency on Vulnerable Third-Party Component
During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...
SUSE CVE-2023-4012
ntpd will crash if the server is not NTS-enabled no certificate and it receives an NTS-enabled client request mode 3...