Net-snmp

Net-snmp

35 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2020-15861

  • EPSS 0.43%
  • Veröffentlicht 20.08.2020 01:17:13
  • Zuletzt bearbeitet 03.12.2025 19:15:51

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

6.5

CVE-2019-20892

Exploit
  • EPSS 0.5%
  • Veröffentlicht 25.06.2020 10:15:10
  • Zuletzt bearbeitet 21.11.2024 04:39:37

net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream...

7.5

CVE-2018-18066

Exploit
  • EPSS 0.59%
  • Veröffentlicht 08.10.2018 18:29:00
  • Zuletzt bearbeitet 06.05.2025 15:15:54

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

6.5

CVE-2018-18065

Exploit
  • EPSS 11.46%
  • Veröffentlicht 08.10.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:25

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

9.8

CVE-2018-1000116

Exploit
  • EPSS 3.94%
  • Veröffentlicht 07.03.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:40

NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.

2.1

CVE-2015-8100

  • EPSS 0.14%
  • Veröffentlicht 10.11.2015 03:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.

7.5

CVE-2015-5621

Exploit
  • EPSS 17.81%
  • Veröffentlicht 19.08.2015 15:59:09
  • Zuletzt bearbeitet 04.12.2025 18:15:49

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and po...

5

CVE-2014-3565

Exploit
  • EPSS 8.76%
  • Veröffentlicht 07.10.2014 14:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB f...

4.3

CVE-2014-2285

  • EPSS 3.12%
  • Veröffentlicht 27.04.2014 22:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP...

5

CVE-2014-2310

  • EPSS 1.15%
  • Veröffentlicht 17.04.2014 14:55:11
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-...