ntp (SUSE:Manager 2.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager 2.1 package ntp, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (53)
CVE-2015-7853 — CVSS 9.8 (critical): The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute…
CVE-2015-7705 — CVSS 9.8 (critical): The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large…
CVE-2015-7871 — CVSS 9.8 (critical): Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
CVE-2015-7849 — CVSS 8.8 (high): Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly…
CVE-2015-7854 — CVSS 8.8 (high): Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated…
CVE-2015-7974 — CVSS 7.7 (high): NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might…
CVE-2015-7703 — CVSS 7.5 (high): The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote…
CVE-2015-7704 — CVSS 7.5 (high): The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of…
CVE-2015-7848 — CVSS 7.5 (high): An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted…
CVE-2015-5194 — CVSS 7.5 (high): The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd…
CVE-2015-5300 — CVSS 7.5 (high): The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128…
CVE-2016-7434 — CVSS 7.5 (high): The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2015-7691 — CVSS 7.5 (high): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7692 — CVSS 7.5 (high): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2016-4957 — CVSS 7.5 (high): ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this…
CVE-2015-7978 — CVSS 7.5 (high): NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist…
CVE-2015-7979 — CVSS 7.5 (high): NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by…
CVE-2016-4953 — CVSS 7.5 (high): ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a…
CVE-2015-7701 — CVSS 7.5 (high): Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a…
CVE-2015-5219 — CVSS 7.5 (high): The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which…
CVE-2016-4954 — CVSS 7.5 (high): The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service…
CVE-2016-7426 — CVSS 7.5 (high): NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which…
CVE-2016-1548 — CVSS 7.2 (high): An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for…
CVE-2015-7850 — CVSS 6.5 (medium): ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or…
CVE-2015-7702 — CVSS 6.5 (medium): The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7851 — CVSS 6.5 (medium): Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do…
CVE-2015-7855 — CVSS 6.5 (medium): The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service…
CVE-2015-7973 — CVSS 6.5 (medium): NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks…
CVE-2016-1549 — CVSS 6.5 (medium): A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in…
CVE-2016-9310 — CVSS 6.5 (medium): The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control…
CVE-2015-7975 — CVSS 6.2 (medium): The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an…
CVE-2016-9311 — CVSS 5.9 (medium): ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer…
CVE-2015-8158 — CVSS 5.9 (medium): The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of…
CVE-2016-2519 — CVSS 5.9 (medium): ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request…
CVE-2015-7977 — CVSS 5.9 (medium): ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a…
CVE-2016-4955 — CVSS 5.9 (medium): ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and…
CVE-2015-7852 — CVSS 5.9 (medium): ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6…
CVE-2016-2518 — CVSS 5.3 (medium): The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference…
CVE-2016-7433 — CVSS 5.3 (medium): NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown…
CVE-2015-8138 — CVSS 5.3 (medium): NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin…
CVE-2016-1547 — CVSS 5.3 (medium): An off-path attacker can cause a preemptible client association to be demobilized in NTP 4.2.8p4 and earlier and NTPSec…
CVE-2016-4956 — CVSS 5.3 (medium): ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a…
CVE-2015-8139 — CVSS 5.3 (medium): ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVE-2016-7431 — CVSS 5.3 (medium): NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero. NOTE: this…
CVE-2016-1550 — CVSS 5.3 (medium): An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f45…
CVE-2016-2516 — CVSS 5.3 (medium): NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by…
CVE-2016-2517 — CVSS 5.3 (medium): NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by…
CVE-2015-8140 — CVSS 4.8 (medium): The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2015-7976 — CVSS 4.3 (medium): The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special…
CVE-2016-7427 — CVSS 4.3 (medium): The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service…
CVE-2016-7428 — CVSS 4.3 (medium): ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a…
CVE-2016-7429 — CVSS 3.7 (low): NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to…
CVE-2016-1551 — CVSS 3.7 (low): ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from…