Filtered by vendor Net-snmp Subscriptions
Filtered by product Net-snmp Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-44793 4 Debian, Net-snmp, Netapp and 1 more 11 Debian Linux, Net-snmp, H300s and 8 more 2024-11-21 6.5 Medium
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2022-44792 4 Debian, Net-snmp, Netapp and 1 more 11 Debian Linux, Net-snmp, H300s and 8 more 2024-11-21 6.5 Medium
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2020-15862 4 Canonical, Net-snmp, Netapp and 1 more 11 Ubuntu Linux, Net-snmp, Cloud Backup and 8 more 2024-11-21 7.8 High
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
CVE-2020-15861 3 Canonical, Net-snmp, Netapp 5 Ubuntu Linux, Net-snmp, Cloud Backup and 2 more 2024-11-21 7.8 High
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2019-20892 3 Net-snmp, Oracle, Redhat 3 Net-snmp, Zfs Storage Appliance Kit, Enterprise Linux 2024-11-21 6.5 Medium
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
CVE-2018-18066 3 Net-snmp, Netapp, Redhat 9 Net-snmp, Cloud Backup, Data Ontap and 6 more 2024-11-21 N/A
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-18065 5 Canonical, Debian, Net-snmp and 2 more 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more 2024-11-21 N/A
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVE-2018-1000116 3 Debian, Net-snmp, Redhat 3 Debian Linux, Net-snmp, Enterprise Linux 2024-11-21 N/A
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
CVE-2015-8100 1 Net-snmp 1 Net-snmp 2024-11-21 N/A
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
CVE-2015-5621 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2024-11-21 N/A
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVE-2014-3565 4 Apple, Canonical, Net-snmp and 1 more 4 Mac Os X, Ubuntu Linux, Net-snmp and 1 more 2024-11-21 N/A
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
CVE-2014-2310 1 Net-snmp 1 Net-snmp 2024-11-21 N/A
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.
CVE-2014-2285 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2024-11-21 N/A
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.
CVE-2014-2284 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2024-11-21 N/A
The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2012-6151 4 Apple, Canonical, Net-snmp and 1 more 4 Mac Os X, Ubuntu Linux, Net-snmp and 1 more 2024-11-21 N/A
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
CVE-2012-2141 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2024-11-21 N/A
Array index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.
CVE-2009-1887 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2024-11-21 N/A
agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-4309.
CVE-2008-6123 4 Net-snmp, Opensuse, Redhat and 1 more 4 Net-snmp, Opensuse, Enterprise Linux and 1 more 2024-11-21 N/A
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
CVE-2008-4309 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2024-11-21 N/A
Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK request, which triggers a heap-based buffer overflow, related to the number of responses or repeats.
CVE-2008-2292 2 Net-snmp, Redhat 3 Net-snmp, Enterprise Linux, Rhel Eus 2024-11-21 N/A
Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP).