National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:ntp:ntp:4.3.78
There are 23 matching records.
Displaying matches 21 through 23.
Vuln ID Summary CVSS Severity
CVE-2015-7975

The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash).

Published: January 30, 2017; 04:59:00 PM -05:00
V3: 6.2 MEDIUM
V2: 2.1 LOW
CVE-2015-7973

NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.

Published: January 30, 2017; 04:59:00 PM -05:00
V3: 6.5 MEDIUM
V2: 5.8 MEDIUM
CVE-2015-7974

NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key."

Published: January 26, 2016; 02:59:00 PM -05:00
V3: 6.3 MEDIUM
V2: 2.1 LOW