ntp (SUSE:Linux Enterprise Server 12-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12-LTSS package ntp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2018-7183 — CVSS 9.8 (critical): Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by…
CVE-2018-12327 — CVSS 9.8 (critical): Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher…
CVE-2017-6458 — CVSS 8.8 (high): Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have…
CVE-2017-6460 — CVSS 8.8 (high): Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have…
CVE-2017-6451 — CVSS 7.8 (high): The mx4200_send function in the legacy MX4200 refclock in NTP before 4.2.8p10 and 4.3.x before 4.3.94 does not properly handle the return…
CVE-2017-6462 — CVSS 7.8 (high): Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows…
CVE-2016-7426 — CVSS 7.5 (high): NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which…
CVE-2016-7434 — CVSS 7.5 (high): The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2018-7182 — CVSS 7.5 (high): The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via…
CVE-2018-7184 — CVSS 7.5 (high): ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the "received" timestamp, which allows remote attackers to cause a…
CVE-2018-7185 — CVSS 7.5 (high): The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending…
CVE-2015-5219 — CVSS 7.5 (high): The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which…
CVE-2016-1549 — CVSS 6.5 (medium): A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in…
CVE-2016-9310 — CVSS 6.5 (medium): The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control…
CVE-2017-6463 — CVSS 6.5 (medium): NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid…
CVE-2017-6464 — CVSS 6.5 (medium): NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to cause a denial of service (ntpd crash) via a malformed mode…
CVE-2016-9311 — CVSS 5.9 (medium): ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer…
CVE-2016-9042 — CVSS 5.9 (medium): An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted…
CVE-2016-7433 — CVSS 5.3 (medium): NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown…
CVE-2018-7170 — CVSS 5.3 (medium): ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create…
CVE-2016-7431 — CVSS 5.3 (medium): NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this…
CVE-2016-7428 — CVSS 4.3 (medium): ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a…
CVE-2016-7427 — CVSS 4.3 (medium): The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service…
CVE-2016-7429 — CVSS 3.7 (low): NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to…