Vulnerabilities (CVE)

Filtered by vendor Hpe Subscribe
Filtered by product Hpux-ntp
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-6458 4 Apple, Hpe, Ntp and 1 more 5 Mac Os X, Hpux-ntp, Ntp and 2 more 2024-11-21 6.5 MEDIUM 8.8 HIGH
Multiple buffer overflows in the ctl_put* functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable.
CVE-2016-7434 2 Hpe, Ntp 2 Hpux-ntp, Ntp 2024-11-21 4.3 MEDIUM 7.5 HIGH
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-7426 4 Canonical, Hpe, Ntp and 1 more 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more 2024-11-21 4.3 MEDIUM 7.5 HIGH
NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address.
CVE-2019-8936 5 Fedoraproject, Hpe, Netapp and 2 more 6 Fedora, Hpux-ntp, Clustered Data Ontap and 3 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2016-9042 4 Freebsd, Hpe, Ntp and 1 more 5 Freebsd, Hpux-ntp, Ntp and 2 more 2024-02-04 4.3 MEDIUM 5.9 MEDIUM
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
CVE-2018-7185 6 Canonical, Hpe, Netapp and 3 more 23 Ubuntu Linux, Hpux-ntp, Hci and 20 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attackers to cause a denial of service (disruption) by continually sending a packet with a zero-origin timestamp and source IP address of the "other side" of an interleaved association causing the victim ntpd to reset its association.
CVE-2018-7170 4 Hpe, Netapp, Ntp and 1 more 10 Hpux-ntp, Hci, Solidfire and 7 more 2024-02-04 3.5 LOW 5.3 MEDIUM
ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.