Every CVE whose affected-product data names Tuxfamily Chrony, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2016-1567 — CVSS 8.1 (high): chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow…
CVE-2015-1821 — CVSS 6.5 (medium): Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or…
CVE-2015-1853 — CVSS 6.5 (medium): chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers…
CVE-2015-1822 — CVSS 6.5 (medium): chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows…
CVE-2020-14367 — CVSS 6.0 (medium): A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during…
CVE-2012-4503 — CVSS 5.0 (medium): cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to…
CVE-2012-4502 — CVSS 5.0 (medium): Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted…
CVE-2010-0294 — CVSS 5.0 (medium): chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows…
CVE-2010-0293 — CVSS 5.0 (medium): The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client…
CVE-2010-0292 — CVSS 5.0 (medium): The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial…