CVE-2015-7978
NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list.
Source: CVE-2015-7978
[월:] 2017년 01월
CVE-2015-8138
CVE-2015-8138
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to prigina timestamp validation via a packet with an origin timestamp set to zero.
Source: CVE-2015-8138
CVE-2015-8139
CVE-2015-8139
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
Source: CVE-2015-8139
CVE-2015-7979
CVE-2015-7979
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
Source: CVE-2015-7979
CVE-2015-8158
CVE-2015-8158
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
Source: CVE-2015-8158
CVE-2015-8140
CVE-2015-8140
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
Source: CVE-2015-8140
CVE-2017-5573
CVE-2017-5573
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
Source: CVE-2017-5573
CVE-2017-5572
CVE-2017-5572
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
Source: CVE-2017-5572
CVE-2017-5610
CVE-2017-5610
wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms.
Source: CVE-2017-5610
CVE-2017-5611
CVE-2017-5611
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name.
Source: CVE-2017-5611