| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-44793 |
476 |
|
DoS |
2022-11-07 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
|
2 |
CVE-2022-44792 |
476 |
|
DoS |
2022-11-07 |
2023-02-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
|
3 |
CVE-2020-15862 |
269 |
|
|
2020-08-20 |
2020-09-04 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. |
|
4 |
CVE-2020-15861 |
59 |
|
|
2020-08-20 |
2022-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. |
|
5 |
CVE-2019-20892 |
415 |
|
|
2020-06-25 |
2022-09-02 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. |
|
6 |
CVE-2018-18066 |
476 |
|
DoS |
2018-10-08 |
2019-10-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
|
7 |
CVE-2018-18065 |
476 |
|
DoS |
2018-10-08 |
2019-10-16 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. |
|
8 |
CVE-2015-8100 |
200 |
|
+Info |
2015-11-10 |
2016-12-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. |
|
9 |
CVE-2015-5621 |
19 |
|
DoS Exec Code |
2015-08-19 |
2018-10-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. |
|
10 |
CVE-2014-3565 |
399 |
|
DoS |
2014-10-07 |
2023-02-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. |
|
11 |
CVE-2014-2310 |
20 |
|
DoS |
2014-04-17 |
2014-04-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151. |
|
12 |
CVE-2012-6151 |
399 |
|
DoS |
2013-12-13 |
2017-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. |
|
13 |
CVE-2007-5846 |
399 |
|
DoS |
2007-11-06 |
2018-10-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. |
|
14 |
CVE-2005-2811 |
|
|
+Priv |
2005-09-07 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. |
