Search CVE reports


Toggle filters

11 – 20 of 107 results


CVE-2018-8956

Low priority
Needs evaluation

ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be...

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-11868

Low priority
Needs evaluation

ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address, because transmissions are rescheduled even when a...

2 affected packages

ntp, ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ntpsec Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
Show less packages

CVE-2015-7851

Medium priority
Not affected

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote...

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp
Show less packages

CVE-2014-5209

Low priority
Ignored

An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not in release Not affected Not affected Not affected Not affected
Show less packages

CVE-2019-8936

Medium priority

Some fixes available 6 of 9

NTP through 4.2.8p12 has a NULL Pointer Dereference.

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Fixed Fixed Fixed Not affected
Show less packages

CVE-2019-6445

Medium priority
Fixed

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.

1 affected package

ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntpsec Fixed Not in release
Show less packages

CVE-2019-6444

Medium priority
Fixed

An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.

1 affected package

ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntpsec Fixed Not in release
Show less packages

CVE-2019-6443

Medium priority
Fixed

An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.

1 affected package

ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntpsec Fixed Not in release
Show less packages

CVE-2019-6442

Medium priority
Fixed

An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and...

1 affected package

ntpsec

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntpsec Fixed Not in release
Show less packages

CVE-2018-12327

Negligible priority

Some fixes available 3 of 5

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter....

1 affected package

ntp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ntp Not affected Not affected Fixed Fixed
Show less packages