27 matches found
CVE-2018-15473
OpenSSH vulnerability CVE-2018-15473 affects OpenSSH up to version 7.7, where the server may enumerate valid usernames by returning different responses for invalid authentication attempts due to not delaying bailout until after the request packet is parsed (auth2-gss.c, auth2-hostbased.c, auth2-p...
CVE-2016-10708
OpenSSH sshd before 7.4 is vulnerable to a denial of service caused by a NULL pointer dereference when processing an out-of-sequence NEWKEYS message (kex.c/packet.c). This affects the OpenSSH server; exploitation leads to daemon crash as demonstrated by Honggfuzz. Affected products include OpenSS...
CVE-2020-1971
CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...
CVE-2020-11868
NTOP vulnerability CVE-2020-11868 affects ntp in ntp (before 4.2.8p14 and 4.3.x before 4.3.100). An off-path attacker can block unauthenticated synchronization by sending a server-mode packet with a spoofed source IP, because transmissions can be rescheduled even when the origin timestamp is inva...
CVE-2020-13817
CVE-2020-13817 affects ntp’s ntpd prior to 4.2.8p14 and 4.3.x prior to 4.3.100. An off‑path attacker can predict transmit timestamps in spoofed UDP packets to remote ntpd, causing a DoS via daemon exit or system time change when the victim relies on unauthenticated IPv4 time sources. Connected so...
CVE-2019-8936
CVE-2019-8936 concerns NTP (ntpd) up to version 4.2.8p12. The vulnerability arises from a NULL pointer dereference in mode 6 handling, which can cause ntpd to crash and thus a denial of service. Public documents describe authenticated-mode mode-6 packet exploitation and a crash vector, with multi...
CVE-2015-7871
CVE-2015-7871 is an authentication-bypass vulnerability in ntpd caused by handling of crypto-NAK packets. A remote, unauthenticated attacker could force ntpd to peer with attacker-controlled time sources, bypassing authentication and potentially tampering time data. Affected series include NTP 4....
CVE-2016-8610
CVE-2016-8610 is a denial-of-service flaw in OpenSSL affecting TLS/SSL alert packet processing during handshakes. The issue exists in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0, enabling a remote attacker to cause high CPU usage and denial of service by sending many alert messages. Con...
CVE-2018-18066
Net-SNMP CVE-2018-18066 is a NULL pointer dereference in snmp_oid_compare() within snmplib/snmp_api.c, affecting Net-SNMP versions before 5.8. An unauthenticated remote attacker can crash the agent by sending a crafted UDP packet, enabling a Denial of Service. Affected product scope includes Net-...
CVE-2018-18065
CVE-2018-18065 affects Net-SNMP before 5.8. The vulnerability is a NULL pointer dereference in _set_key within agent/helpers/table_container.c, which an authenticated attacker can exploit by sending a crafted UDP packet to remotely crash the SNMP service (DoS). Documented CVSS v3 base score is 6....
CVE-2015-7853
CVE-2015-7853 affects the refclock driver in ntpd (NTP) with the datalen parameter: in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77, a negative datalen value can overflow a data buffer, enabling remote attackers to execute arbitrary code or cause a crash. Concrete details across connected adv...
CVE-2015-7705
CVE-2015-7705 describes a DoS vulnerability in NTP’s rate-limiting: remote attackers can cause a client to delay/stop querying time sources by sending forged Kiss-of-Death messages. Affected are NTPd 4.x before 4.2.8p4 and 4.3.x before 4.3.77; multiple vendors (e.g., F5 BIG-IP, Debian, Arista/EOS...
CVE-2015-7704
CVE-2015-7704 describes a denial-of-service in ntpd caused by handling of Kiss-of-Death (KoD) messages. The issue arises from KoD processing that could delay or stop querying time sources. Affected software: ntpd in NTP 4.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77. Impact: unauthenticated remot...
CVE-2016-2518
CVE-2016-2518 affects NTP ntpd: MATCH_ASSOC() can trigger an out-of-bounds reference when handling addpeer with a large hmode. Affected versions are ntpd before 4.2.8p9 and 4.3.x before 4.3.92. Impact is a potential crash/denial of service via crafted packets. Mitigation: upgrade to fixed release...
CVE-2015-7691
CVE-2015-7691 affects ntpd’s crypto_xmit handling in NTP 4.2.x (before 4.2.8p4) and 4.3.x (before 4.3.77). The flaw arises from incomplete validation of autokey operations in crafted packets, allowing a remote attacker to crash ntpd (denial of service). This is tied to an incomplete fix of CVE-20...
CVE-2015-7701
CVE-2015-7701 involves a memory leak in ntpd’s CRYPTO_ASSOC when autokey is enabled. Affected: ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Impact: potential denial of service due to memory exhaustion. Remediation: upgrade to fixed ntp releases (e.g., 4.2.8p4+ or 4.3.77+); or disable...
CVE-2015-7850
CVE-2015-7850 affects ntpd/NTP with remote configuration enabled; vulnerability caused by pointing the key file at the log file, leading to DoS (infinite loop or crash) and potentially large logs. Affected: ntpd in 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Mitigation/remediation documented ac...
CVE-2015-7855
CVE-2015-7855 affects ntpd in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The decodenetnum() function can assert-botch when processing mode 6 or mode 7 packets with an unusually long data value, enabling a remote attacker to cause ntpd to crash (denial of service). Public references indicat...
CVE-2015-7692
CVE-2015-7692 affects ntpd (NTP) prior to 4.2.8p4 for 4.2.x and 4.3.77 for 4.3.x. The flaw is in the crypto_xmit function (ntp_crypto.c) and can cause remote DoS crashes. This entry notes it as a continuation of an incomplete fix for CVE-2014-9750. No specific patched versions are provided in the...
CVE-2015-7703
CVE-2015-7703: ntpd remote configuration feature exposes a file overwrite risk via the :config command when remote configuration is enabled and the attacker knows the configuration password. Affected: ntpd 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. Connected documents confirm this as a real vu...
CVE-2015-7702
CVE-2015-7702 affects ntpd’s crypto_xmit implementation in NTP 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77, allowing remote attackers to crash ntpd (DoS). The issue stems from an incomplete fix for CVE-2014-9750. Public advisories note the vulnerability and that updates have been released (e.g.,...
CVE-2018-18605
CVE-2018-18605 affects GNU Binutils libbfd (BFD) where a heap-based buffer over-read occurs in sec_merge_hash_lookup during section merges when entsize does not divide the size. This can allow remote DoS via specially crafted ELF (as demonstrated by ld). Affected products reference Binutils 2.31;...
CVE-2018-18607
CVE-2018-18607 is a NULL pointer dereference in elf_link_input_bfd (elfin GNU Binutils libbfd) when locating STT_TLS symbols without a TLS section. A crafted ELF can cause denial of service (DoS); impact is consistent with DoS in affected Binutils 2.31, including remote triggering via ld in demon...
CVE-2015-7852
CVE-2015-7852 is an off-by-one vulnerability in ntpq’s cookedprint() which can allow a crafted mode 6 packet to cause a buffer overflow and crash ntpd. Public references (Debian DSA-3388-1, CentOS advisories) confirm ntpq/cookedprint as the vulnerable component and describe a DoS via remote craft...
CVE-2018-18606
CVE-2018-18606 affects GNU Binutils (libbfd). The issue is a NULL pointer dereference in _bfd_add_merge_section during merging of sections with large alignments, enabling DoS via crafted ELF. Multiple vendors document this under Binutils remediation; confirmed fixes involve upgrading Binutils to ...
CVE-2015-7849
CVE-2015-7849 is a use-after-free vulnerability in ntpd (NTP) affecting 4.2.x before 4.2.8p4 and 4.3.x before 4.3.77. The available connected documents describe that remote authenticated users can potentially execute arbitrary code or cause a denial of service (crash) by sending crafted NTP packe...
CVE-2015-7854
CVE-2015-7854 is a memory corruption vulnerability in ntpd’s password management. A crafted key file can trigger a buffer overflow, potentially crashing the daemon or allowing arbitrary code execution by remote authenticated users. Affected are NTP 4.2.x prior to 4.2.8p4 and 4.3.x prior to 4.3.77...