| Bug | jessie | stretch | buster | bullseye | Description |
|---|
| CVE-2023-26555 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ... |
| CVE-2020-15025 | fixed | fixed | vulnerable (no DSA) | fixed | ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ... |
| CVE-2020-13817 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ... |
| CVE-2020-11868 | fixed | vulnerable (no DSA) | vulnerable (no DSA) | fixed | ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ... |
| CVE-2018-8956 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ... |
| CVE-2018-7185 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote attac ... |
| CVE-2018-7184 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ... |
| CVE-2018-7183 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 throu ... |
| CVE-2018-7182 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows r ... |
| CVE-2018-7170 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authen ... |
| CVE-2017-6464 | vulnerable (no DSA) | fixed | fixed | fixed | NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ... |
| CVE-2017-6463 | vulnerable (no DSA) | fixed | fixed | fixed | NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticate ... |
| CVE-2016-9311 | vulnerable (no DSA) | fixed | fixed | fixed | ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ... |
| CVE-2016-9310 | vulnerable (no DSA) | fixed | fixed | fixed | The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ... |
| CVE-2016-7429 | vulnerable (no DSA) | fixed | fixed | fixed | NTP before 4.2.8p9 changes the peer structure to the interface it rece ... |
| CVE-2016-7426 | vulnerable (no DSA) | fixed | fixed | fixed | NTP before 4.2.8p9 rate limits responses received from the configured ... |
| CVE-2016-4955 | vulnerable (no DSA) | fixed | fixed | fixed | ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ... |
| CVE-2016-4954 | vulnerable (no DSA) | fixed | fixed | fixed | The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4 ... |
| CVE-2016-2519 | vulnerable (no DSA) | fixed | fixed | fixed | ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attac ... |
| CVE-2016-1549 | vulnerable (no DSA) | fixed | fixed | fixed | A malicious authenticated peer can create arbitrarily-many ephemeral a ... |
| CVE-2016-0727 | vulnerable (no DSA) | fixed | fixed | fixed | The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3. ... |
| CVE-2015-8140 | vulnerable (no DSA) | fixed | fixed | fixed | The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to con ... |
| CVE-2015-8139 | vulnerable (no DSA) | fixed | fixed | fixed | ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ti ... |
| CVE-2015-7976 | vulnerable (no DSA) | fixed | fixed | fixed | The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4 ... |
| CVE-2015-7973 | vulnerable (no DSA) | fixed | fixed | fixed | NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadca ... |
| CVE-2015-7705 | vulnerable (no DSA) | fixed | fixed | fixed | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4 ... |
| CVE-2014-5209 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | An Information Disclosure vulnerability exists in NTP 4.2.7p25 private ... |
| CVE-2013-5211 | vulnerable (no DSA) | fixed | fixed | fixed | The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 al ... |
| Bug | Description |
|---|
| CVE-2019-8936 | NTP through 4.2.8p12 has a NULL Pointer Dereference. |
| CVE-2017-6460 | Stack-based buffer overflow in the reslist function in ntpq in NTP bef ... |
| CVE-2017-6459 | The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ... |
| CVE-2017-6455 | NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ... |
| CVE-2017-6452 | Stack-based buffer overflow in the Windows installer for NTP before 4. ... |
| CVE-2017-6451 | The mx4200_send function in the legacy MX4200 refclock in NTP before 4 ... |
| CVE-2016-9312 | ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ... |
| CVE-2016-9042 | An exploitable denial of service vulnerability exists in the origin ti ... |
| CVE-2016-7434 | The read_mru_list function in NTP before 4.2.8p9 allows remote attacke ... |
| CVE-2016-7433 | NTP before 4.2.8p9 does not properly perform the initial sync calculat ... |
| CVE-2016-7431 | NTP before 4.2.8p9 allows remote attackers to bypass the origin timest ... |
| CVE-2016-7428 | ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial o ... |
| CVE-2016-7427 | The broadcast mode replay prevention functionality in ntpd in NTP befo ... |
| CVE-2016-4957 | ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial o ... |
| CVE-2016-4956 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ... |
| CVE-2016-4953 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a deni ... |
| CVE-2016-2518 | The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x befor ... |
| CVE-2016-2516 | NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, all ... |
| CVE-2016-1551 | ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f9 ... |
| CVE-2016-1550 | An exploitable vulnerability exists in the message authentication func ... |
| CVE-2016-1548 | An attacker can spoof a packet from a legitimate ntpd server with an o ... |
| CVE-2016-1547 | An off-path attacker can cause a preemptible client association to be ... |
| CVE-2015-8158 | The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4. ... |
| CVE-2015-8138 | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ... |
| CVE-2015-7979 | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ... |
| CVE-2015-7978 | NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers t ... |
| CVE-2015-7977 | ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attac ... |
| CVE-2015-7975 | The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 doe ... |
| CVE-2015-7974 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer asso ... |
| CVE-2015-7871 | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x befo ... |
| CVE-2015-7855 | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3 ... |
| CVE-2015-7854 | Buffer overflow in the password management functionality in NTP 4.2.x ... |
| CVE-2015-7853 | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8 ... |
| CVE-2015-7852 | ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ... |
| CVE-2015-7851 | Directory traversal vulnerability in the save_config function in ntpd ... |
| CVE-2015-7850 | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remot ... |
| CVE-2015-7849 | Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and ... |
| CVE-2015-7848 | An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-b ... |
| CVE-2015-7704 | The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allo ... |
| CVE-2015-7703 | The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8 ... |
| CVE-2015-7702 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ... |
| CVE-2015-7701 | Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4 ... |
| CVE-2015-7692 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ... |
| CVE-2015-7691 | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3. ... |
| CVE-2015-5300 | The panic_gate check in NTP before 4.2.8p5 is only re-enabled after th ... |
| CVE-2015-5219 | The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not proper ... |
| CVE-2015-5195 | ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ... |
| CVE-2015-5194 | The log_config_command function in ntp_parser.y in ntpd in NTP before ... |
| CVE-2015-5146 | ntpd in ntp before 4.2.8p3 with remote configuration enabled allows re ... |
| CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 d ... |
| CVE-2015-1799 | The symmetric-key feature in the receive function in ntp_proto.c in nt ... |
| CVE-2015-1798 | The symmetric-key feature in the receive function in ntp_proto.c in nt ... |
| CVE-2014-9751 | The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ... |
| CVE-2014-9750 | ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentic ... |
| CVE-2014-9296 | The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 contin ... |
| CVE-2014-9295 | Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 allo ... |
| CVE-2014-9294 | util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RN ... |
| CVE-2014-9293 | The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ... |
| CVE-2009-3563 | ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ... |
| CVE-2009-1252 | Stack-based buffer overflow in the crypto_recv function in ntp_crypto. ... |
| CVE-2009-0159 | Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ... |
| CVE-2009-0021 | NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ... |
| CVE-2005-2496 | The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ... |
| CVE-2004-0657 | Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP se ... |