) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:ntp:ntp:4.2.4:p6
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2016-2519 |
ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value. Published: January 30, 2017; 4:59:01 PM -0500 |
V3.0: 5.9 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2016-2517 |
NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression. Published: January 30, 2017; 4:59:01 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2016-2516 |
NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive. Published: January 30, 2017; 4:59:01 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 7.1 HIGH |
| CVE-2015-8140 |
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. Published: January 30, 2017; 4:59:00 PM -0500 |
V3.0: 4.8 MEDIUM V2.0: 5.8 MEDIUM |
| CVE-2015-8139 |
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. Published: January 30, 2017; 4:59:00 PM -0500 |
V3.0: 5.3 MEDIUM V2.0: 5.0 MEDIUM |