{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","type":"deb","namespace":"debian","name":"ntp","version":"1:4.2.8p4+dfsg-1","qualifiers":{"distro":"bullseye"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1:4.2.8p4+dfsg-2","latest_non_vulnerable_version":"1:4.2.8p15+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95555?format=json","vulnerability_id":"VCID-4u9s-egzq-nkfh","summary":"Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7871","reference_id":"","reference_type":"","scores":[{"value":"0.83579","scoring_system":"epss","scoring_elements":"0.99299","published_at":"2026-06-04T12:55:00Z"},{"value":"0.83579","scoring_system":"epss","scoring_elements":"0.993","published_at":"2026-06-05T12:55:00Z"},{"value":"0.83579","scoring_system":"epss","scoring_elements":"0.99301","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274265","reference_id":"1274265","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274265"},{"reference_url":"https://security.gentoo.org/glsa/201604-03","reference_id":"GLSA-201604-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201604-03"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7871"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4u9s-egzq-nkfh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95552?format=json","vulnerability_id":"VCID-86qj-ydjd-cqhw","summary":"The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative input value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7853.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7853.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7853","reference_id":"","reference_type":"","scores":[{"value":"0.39586","scoring_system":"epss","scoring_elements":"0.97384","published_at":"2026-06-04T12:55:00Z"},{"value":"0.39586","scoring_system":"epss","scoring_elements":"0.97389","published_at":"2026-06-05T12:55:00Z"},{"value":"0.39586","scoring_system":"epss","scoring_elements":"0.9739","published_at":"2026-06-07T12:55:00Z"},{"value":"0.39586","scoring_system":"epss","scoring_elements":"0.97391","published_at":"2026-06-08T12:55:00Z"},{"value":"0.39586","scoring_system":"epss","scoring_elements":"0.97392","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7853"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7853"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274262","reference_id":"1274262","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274262"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7853"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-86qj-ydjd-cqhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95542?format=json","vulnerability_id":"VCID-9wj2-txxh-myaf","summary":"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7702.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7702.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7702","reference_id":"","reference_type":"","scores":[{"value":"0.01669","scoring_system":"epss","scoring_elements":"0.82442","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01669","scoring_system":"epss","scoring_elements":"0.82472","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01669","scoring_system":"epss","scoring_elements":"0.8247","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01669","scoring_system":"epss","scoring_elements":"0.82468","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01669","scoring_system":"epss","scoring_elements":"0.82461","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01669","scoring_system":"epss","scoring_elements":"0.82474","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274254","reference_id":"1274254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274254"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0780","reference_id":"RHSA-2016:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2583","reference_id":"RHSA-2016:2583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2583"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7702"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wj2-txxh-myaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95539?format=json","vulnerability_id":"VCID-eh5a-wbzw-g3ah","summary":"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations.  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7691.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7691","reference_id":"","reference_type":"","scores":[{"value":"0.12144","scoring_system":"epss","scoring_elements":"0.93951","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12144","scoring_system":"epss","scoring_elements":"0.9396","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12144","scoring_system":"epss","scoring_elements":"0.93961","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12144","scoring_system":"epss","scoring_elements":"0.93959","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12144","scoring_system":"epss","scoring_elements":"0.93966","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274254","reference_id":"1274254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274254"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0780","reference_id":"RHSA-2016:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2583","reference_id":"RHSA-2016:2583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2583"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7691"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eh5a-wbzw-g3ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95554?format=json","vulnerability_id":"VCID-fnng-682z-tyeu","summary":"The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7855.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7855.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7855","reference_id":"","reference_type":"","scores":[{"value":"0.50067","scoring_system":"epss","scoring_elements":"0.97874","published_at":"2026-06-04T12:55:00Z"},{"value":"0.50067","scoring_system":"epss","scoring_elements":"0.97878","published_at":"2026-06-05T12:55:00Z"},{"value":"0.50067","scoring_system":"epss","scoring_elements":"0.97879","published_at":"2026-06-09T12:55:00Z"},{"value":"0.50067","scoring_system":"epss","scoring_elements":"0.9788","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274264","reference_id":"1274264","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274264"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40840.py","reference_id":"CVE-2015-7855","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/40840.py"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7855"],"risk_score":1.0,"exploitability":"2.0","weighted_severity":"0.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnng-682z-tyeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95541?format=json","vulnerability_id":"VCID-h832-4h4b-jkbs","summary":"Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7701.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7701.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7701","reference_id":"","reference_type":"","scores":[{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93645","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93655","published_at":"2026-06-05T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93654","published_at":"2026-06-06T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93653","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93652","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11211","scoring_system":"epss","scoring_elements":"0.93659","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274255","reference_id":"1274255","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274255"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0780","reference_id":"RHSA-2016:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2583","reference_id":"RHSA-2016:2583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2583"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7701"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h832-4h4b-jkbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95550?format=json","vulnerability_id":"VCID-jjwc-628j-yug8","summary":"Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7851.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7851.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7851","reference_id":"","reference_type":"","scores":[{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65842","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65895","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65907","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65893","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65882","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.659","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274260","reference_id":"1274260","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274260"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7851"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjwc-628j-yug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95546?format=json","vulnerability_id":"VCID-kawt-v28m-pqdb","summary":"An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7848.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7848.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7848","reference_id":"","reference_type":"","scores":[{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81025","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81053","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81056","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81052","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81048","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01434","scoring_system":"epss","scoring_elements":"0.81066","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7848"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274256","reference_id":"1274256","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274256"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7848"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kawt-v28m-pqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95549?format=json","vulnerability_id":"VCID-kf84-271t-1qaf","summary":"ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7850.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7850.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7850","reference_id":"","reference_type":"","scores":[{"value":"0.02555","scoring_system":"epss","scoring_elements":"0.8578","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02555","scoring_system":"epss","scoring_elements":"0.85802","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02555","scoring_system":"epss","scoring_elements":"0.85804","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02555","scoring_system":"epss","scoring_elements":"0.858","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02555","scoring_system":"epss","scoring_elements":"0.85785","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02555","scoring_system":"epss","scoring_elements":"0.85799","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274258","reference_id":"1274258","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274258"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7850"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kf84-271t-1qaf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95543?format=json","vulnerability_id":"VCID-sppq-z45d-ufaq","summary":"The \"pidfile\" or \"driftfile\" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7703.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7703.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7703","reference_id":"","reference_type":"","scores":[{"value":"0.09221","scoring_system":"epss","scoring_elements":"0.92863","published_at":"2026-06-08T12:55:00Z"},{"value":"0.09221","scoring_system":"epss","scoring_elements":"0.92874","published_at":"2026-06-05T12:55:00Z"},{"value":"0.09221","scoring_system":"epss","scoring_elements":"0.9287","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09221","scoring_system":"epss","scoring_elements":"0.92865","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09221","scoring_system":"epss","scoring_elements":"0.92877","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1254547","reference_id":"1254547","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1254547"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0780","reference_id":"RHSA-2016:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2583","reference_id":"RHSA-2016:2583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2583"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7703"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sppq-z45d-ufaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95553?format=json","vulnerability_id":"VCID-tytc-m4qx-tfh7","summary":"Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7854.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7854.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7854","reference_id":"","reference_type":"","scores":[{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87149","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87172","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87169","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87165","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87161","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03157","scoring_system":"epss","scoring_elements":"0.87173","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7854"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7854"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274263","reference_id":"1274263","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274263"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7854"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tytc-m4qx-tfh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95540?format=json","vulnerability_id":"VCID-wgpz-b5pr-efhw","summary":"The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash).  NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7692.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7692","reference_id":"","reference_type":"","scores":[{"value":"0.13859","scoring_system":"epss","scoring_elements":"0.94431","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13859","scoring_system":"epss","scoring_elements":"0.94439","published_at":"2026-06-05T12:55:00Z"},{"value":"0.13859","scoring_system":"epss","scoring_elements":"0.94441","published_at":"2026-06-06T12:55:00Z"},{"value":"0.13859","scoring_system":"epss","scoring_elements":"0.94443","published_at":"2026-06-07T12:55:00Z"},{"value":"0.13859","scoring_system":"epss","scoring_elements":"0.94444","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13859","scoring_system":"epss","scoring_elements":"0.94448","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274254","reference_id":"1274254","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274254"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0780","reference_id":"RHSA-2016:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2583","reference_id":"RHSA-2016:2583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2583"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7692"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgpz-b5pr-efhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95551?format=json","vulnerability_id":"VCID-ymvr-7udm-d3db","summary":"ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7852.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7852.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7852","reference_id":"","reference_type":"","scores":[{"value":"0.03174","scoring_system":"epss","scoring_elements":"0.87183","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03174","scoring_system":"epss","scoring_elements":"0.87206","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03174","scoring_system":"epss","scoring_elements":"0.87203","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03174","scoring_system":"epss","scoring_elements":"0.872","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03174","scoring_system":"epss","scoring_elements":"0.87197","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03174","scoring_system":"epss","scoring_elements":"0.87209","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5195"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7692"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7702"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7703"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7704"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7850"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7871"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274261","reference_id":"1274261","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274261"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0780","reference_id":"RHSA-2016:0780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2583","reference_id":"RHSA-2016:2583","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2583"},{"reference_url":"https://usn.ubuntu.com/2783-1/","reference_id":"USN-2783-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2783-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7852"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymvr-7udm-d3db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95548?format=json","vulnerability_id":"VCID-zchj-6da8-bqdv","summary":"Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7849.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7849.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7849","reference_id":"","reference_type":"","scores":[{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88195","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88215","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88218","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88217","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03728","scoring_system":"epss","scoring_elements":"0.88233","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7849"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7849"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274257","reference_id":"1274257","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1274257"},{"reference_url":"https://security.gentoo.org/glsa/201607-15","reference_id":"GLSA-201607-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201607-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119714?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p4%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/119698?format=json","purl":"pkg:deb/debian/ntp@1:4.2.8p15%2Bdfsg-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p15%252Bdfsg-1%3Fdistro=bullseye"}],"aliases":["CVE-2015-7849"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zchj-6da8-bqdv"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/ntp@1:4.2.8p4%252Bdfsg-1%3Fdistro=bullseye"}