Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:ntp:ntp:4.2.4:p5
There are 8 matching records.
Displaying matches 1 through 8.
Vuln ID Summary CVSS Severity
CVE-2015-8158

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8138

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2015-7979

NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-7978

NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-7977

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-7976

The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2015-7975

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 6.2 MEDIUM
V2.0: 2.1 LOW
CVE-2015-7973

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

Published: January 30, 2017; 4:59:00 PM -0500
V3.0: 6.5 MEDIUM
V2.0: 5.8 MEDIUM