CRITICAL9.8CVE-2018-12327Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher pr… from 0
CRITICAL9.8CVE-2018-7183Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leve… from 0, < 1:4.2.8p11+dfsg-1
CRITICAL9.8Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
from 0, < 1:4.2.8p4+dfsg-1
CRITICAL9.8The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitr…
from 0, < 1:4.2.8p4+dfsg-1
CRITICAL9.8The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large…
from 0, < 1:4.2.8p4+dfsg-3
HIGH8.8Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated u…
from 0, < 1:4.2.8p4+dfsg-1
HIGH8.8Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly exe…
from 0, < 1:4.2.8p4+dfsg-1
HIGH8.8Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspe…
from 0, < 1:4.2.8p10+dfsg-1
HIGH8.8Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have…
from 0, < 1:4.2.8p10+dfsg-1
HIGH7.8The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on U…
from 0, < 1:4.2.8p9+dfsg-2
HIGH7.8Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows l…
from 0, < 1:4.2.8p10+dfsg-1
HIGH7.7ntp - security update
from 0, < 1:4.2.8p7+dfsg-1
HIGH7.7ntp - security update
from 0, < 1:4.2.6.p5+dfsg-2+deb7u7
HIGH7.7ntp - security update
from 0, < 1:4.2.6.p5+dfsg-7+deb8u2
HIGH7.5ntp - security update
from 0, < 1:4.2.6.p5+dfsg-7+deb8u3
HIGH7.5ntp - security update
from 0, < 1:4.2.8p14+dfsg-1
HIGH7.5NTP through 4.2.8p12 has a NULL Pointer Dereference.
from 0, < 1:4.2.8p12+dfsg-4
HIGH7.5The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending…
from 0, < 1:4.2.8p11+dfsg-1
HIGH7.5ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a de…
from 0, < 1:4.2.8p11+dfsg-1
HIGH7.5The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via…
from 0, < 1:4.2.8p11+dfsg-1
HIGH7.5ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machi…
from 0, < 1:4.2.6.p5+dfsg-7
HIGH7.5The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of craf…
from 0, < 1:4.2.8p4+dfsg-3
HIGH7.5Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a de…
from 0, < 1:4.2.8p4+dfsg-1
HIGH7.5The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
from 0, < 1:4.2.8p4+dfsg-1
HIGH7.5The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
from 0, < 1:4.2.8p4+dfsg-1
HIGH7.5The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote…
from 0, < 1:4.2.8p4+dfsg-1
HIGH7.5The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 millisec…
from 0, < 1:4.2.8p4+dfsg-2
HIGH7.5The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which…
from 0, < 1:4.2.8p3+dfsg-1
HIGH7.5ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted stat…
from 0, < 1:4.2.8p3+dfsg-1
HIGH7.5The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd c…
from 0, < 1:4.2.8p3+dfsg-1
HIGH7.5NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by se…
from 0, < 1:4.2.8p7+dfsg-1
HIGH7.5NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist co…
from 0, < 1:4.2.8p7+dfsg-1
HIGH7.5The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
from 0, < 1:4.2.8p9+dfsg-1
HIGH7.5NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which all…
from 0, < 1:4.2.8p9+dfsg-1
HIGH7.5An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted priva…
from 0, < 1:4.2.8p4+dfsg-1
HIGH7.5ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet.
from 0, < 1:4.2.8p8+dfsg-1
HIGH7.5The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-var…
from 0, < 1:4.2.8p8+dfsg-1
HIGH7.5ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spo…
from 0, < 1:4.2.8p8+dfsg-1
HIGH7.4ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time chang…
from 0, < 1:4.2.8p14+dfsg-1
HIGH7.2An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for tha…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM6.5Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do…
from 0, < 1:4.2.8p4+dfsg-1
MEDIUM6.5The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
from 0, < 1:4.2.8p4+dfsg-1
MEDIUM6.5ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or…
from 0, < 1:4.2.8p4+dfsg-1
MEDIUM6.5The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
from 0, < 1:4.2.8p4+dfsg-1
MEDIUM6.5NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode configur…
from 0, < 1:4.2.8p10+dfsg-1
MEDIUM6.5NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid se…
from 0, < 1:4.2.8p10+dfsg-1
MEDIUM6.5NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM6.5The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control m…
from 0, < 1:4.2.8p9+dfsg-1
MEDIUM6.5A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM6.4praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write.
from 0
MEDIUM6.2The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an atta…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.9An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9.
from 0, < 1:4.2.8p10+dfsg-1
MEDIUM5.9ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 r…
from 0, < 1:4.2.8p4+dfsg-1
MEDIUM5.9ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request dat…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.9The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of servic…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.9ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a nt…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.9ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereferenc…
from 0, < 1:4.2.8p9+dfsg-1
MEDIUM5.9ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and a…
from 0, < 1:4.2.8p8+dfsg-1
MEDIUM5.6mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character.
from 0
MEDIUM5.6mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number.
from 0
MEDIUM5.6mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point.
from 0
MEDIUM5.6mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop.
from 0
MEDIUM5.3ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock wit…
from 0, < 1:4.2.8p14+dfsg-1
MEDIUM5.3An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could…
from 0, < 1:4.2.8p3+dfsg-1
MEDIUM5.3ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrari…
from 0, < 1:4.2.8p11+dfsg-1
MEDIUM5.3ntp - security update
from 0, < 1:4.2.6.p5+dfsg-2+deb7u6
MEDIUM5.3ntp - security update
from 0, < 1:4.2.6.p2+dfsg-1+deb6u4
MEDIUM5.3ntp - security update
from 0, < 1:4.2.8p3+dfsg-1
MEDIUM5.3The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leve…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by usi…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin ti…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown…
from 0, < 1:4.2.8p9+dfsg-1
MEDIUM5.3NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero.
from 0, < 1:4.2.8p9+dfsg-1
MEDIUM5.3An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f4…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec a5fb34b9cc89b92a8fe…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM5.3ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spo…
from 0, < 1:4.2.8p8+dfsg-1
MEDIUM4.9ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sen…
from 0, < 1:4.2.8p15-1
MEDIUM4.8The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM4.3The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters…
from 0, < 1:4.2.8p7+dfsg-1
MEDIUM4.3ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a…
from 0, < 1:4.2.8p9+dfsg-1
MEDIUM4.3The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reje…
from 0, < 1:4.2.8p9+dfsg-1
LOW3.7NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cau…
from 0, < 1:4.2.8p9+dfsg-1
—The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a sour…
from 0, < 1:4.2.6.p5+dfsg-4
—ntp - incomplete fix
from 0, < 1:4.2.6.p2+dfsg-1+deb6u2
—ntp - incomplete fix
from 0, < 1:4.2.6.p5+dfsg-5
—ntp - incomplete fix
from 0, < 1:4.2.6.p5+dfsg-2+deb7u3
—ntp - incomplete fix
from 0, < 1:4.2.6.p5+dfsg-2+deb7u2
—The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4.2.8p2 performs state-variable updates…
from 0, < 1:4.2.6.p5+dfsg-6
—ntp - security update
from 0, < 1:4.2.6.p5+dfsg-6
—ntp - security update
from 0, < 1:4.2.6.p2+dfsg-1+deb6u3
—ntp - security update
from 0, < 1:4.2.6.p5+dfsg-2+deb7u4
—The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 continues to execute after detecting a certain authentication error, which…
from 0, < 1:4.2.6.p5+dfsg-3.2
—Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allow remote attackers to execute arbitrary code via a crafted packet, re…
from 0, < 1:4.2.6.p5+dfsg-3.2
—util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptogr…
from 0, < 1:4.2.6.p5+dfsg-3.2
—ntp - security update
from 0, < 1:4.2.6.p5+dfsg-3.2
—ntp - security update
from 0, < 1:4.2.6.p2+dfsg-1+deb6u1
—ntp - security update
from 0, < 1:4.2.6.p5+dfsg-2+deb7u1
—The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplifica…
from 0, < 1:4.2.8p3+dfsg-1
—ntp - denial of service
from 0, < 1:4.2.2.p4+dfsg-2etch4
—ntp - denial of service
from 0, < 1:4.2.4p8+dfsg-1
—Stack-based buffer overflow in the crypto_recv function in ntp_crypto.c in ntpd in NTP before 4.2.4p7 and 4.2.5 before 4.2.5p74, when OpenS…
from 0, < 1:4.2.4p6+dfsg-2
—ntp - several vulnerabilities
from 0, < 1:4.2.2.p4+dfsg-2etch3
—ntp - several vulnerabilities
from 0, < 1:4.2.4p6+dfsg-2
—ntp - cryptographic weakness
from 0, < 1:4.2.2.p4+dfsg-2etch1
—ntp - cryptographic weakness
from 0, < 1:4.2.4p4+dfsg-8
—ntp - programming error
from 0, < 1:4.2.0a+stable-2sarge1
—ntp - programming error
from 0, < 1:4.2.0a+stable-2sarge1
—Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a da…
from 0, < 4.0