Shodan
Vulnerabilities
Vulnerable Software
Ntp:  >> Ntp  >> 4.2.8  Security Vulnerabilities
CVE-2015-7691
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS Score
7.5
EPSS Score
0.062
Published
2017-08-07
CVE-2015-7692
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS Score
7.5
EPSS Score
0.063
Published
2017-08-07
CVE-2015-7701
Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).
CVSS Score
7.5
EPSS Score
0.078
Published
2017-08-07
CVE-2015-7702
The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.
CVSS Score
6.5
EPSS Score
0.014
Published
2017-08-07
CVE-2015-7704
The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.
CVSS Score
7.5
EPSS Score
0.226
Published
2017-08-07
CVE-2015-7705
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
CVSS Score
9.8
EPSS Score
0.255
Published
2017-08-07
CVE-2015-7849
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.
CVSS Score
8.8
EPSS Score
0.043
Published
2017-08-07
CVE-2015-7850
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVSS Score
6.5
EPSS Score
0.028
Published
2017-08-07
CVE-2015-7852
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.
CVSS Score
5.9
EPSS Score
0.035
Published
2017-08-07
CVE-2015-7853
The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.
CVSS Score
9.8
EPSS Score
0.21
Published
2017-08-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved