Skip to main content

Chrony

6 CVEs product

Monthly

CVE-2020-14367 MEDIUM PATCH This Month

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Chrony Fedora Ubuntu Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2016-1567 HIGH POC PATCH This Week

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Chrony
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2015-1822 MEDIUM PATCH This Month

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux Chrony
NVD
CVSS 2.0
6.5
EPSS
2.1%
CVE-2015-1821 MEDIUM PATCH This Month

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow Chrony Debian Linux
NVD
CVSS 2.0
6.5
EPSS
2.6%
CVE-2012-4503 MEDIUM PATCH This Month

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Chrony
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-4502 MEDIUM PATCH This Month

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Chrony
NVD
CVSS 2.0
5.0
EPSS
0.8%
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Path Traversal Chrony +2
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Chrony
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Debian Linux +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

cmdmon.c in Chrony before 1.29 allows remote attackers to obtain potentially sensitive information from stack memory via vectors related to (1) an invalid subnet in a RPY_SUBNETS_ACCESSED command to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Chrony
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Chrony
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy