Vulnerabilities > NET Snmp
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-20 | CVE-2020-15862 | Improper Privilege Management vulnerability in multiple products Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. | 7.2 |
| 2020-08-20 | CVE-2020-15861 | Link Following vulnerability in Net-Snmp Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following. | 7.2 |
| 2020-06-25 | CVE-2019-20892 | Double Free vulnerability in Net-Snmp net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. | 4.0 |
| 2018-10-08 | CVE-2018-18066 | NULL Pointer Dereference vulnerability in multiple products snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 5.0 |
| 2018-10-08 | CVE-2018-18065 | NULL Pointer Dereference vulnerability in multiple products _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | 4.0 |
| 2018-03-07 | CVE-2018-1000116 | Out-of-bounds Write vulnerability in multiple products NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution. | 7.5 |
| 2015-11-10 | CVE-2015-8100 | Information Exposure vulnerability in Net-Snmp The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. | 2.1 |
| 2015-08-19 | CVE-2015-5621 | Data Processing Errors vulnerability in Net-Snmp The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet. | 7.5 |
| 2014-10-07 | CVE-2014-3565 | Resource Management Errors vulnerability in multiple products snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. | 5.0 |
| 2014-04-27 | CVE-2014-2285 | Improper Input Validation vulnerability in Net-Snmp The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl. | 4.3 |