Vulnerabilities > NET Snmp

DATE CVE VULNERABILITY TITLE RISK
2022-11-07 CVE-2022-44792 NULL Pointer Dereference vulnerability in Net-Snmp
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
network
low complexity
net-snmp CWE-476
6.5
2022-11-07 CVE-2022-44793 NULL Pointer Dereference vulnerability in Net-Snmp
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
network
low complexity
net-snmp CWE-476
6.5
2020-08-20 CVE-2020-15862 Improper Privilege Management vulnerability in multiple products
Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
local
low complexity
net-snmp canonical netapp CWE-269
7.8
2020-08-20 CVE-2020-15861 Link Following vulnerability in multiple products
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
local
low complexity
net-snmp canonical netapp CWE-59
7.8
2020-06-25 CVE-2019-20892 Double Free vulnerability in multiple products
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request.
network
low complexity
net-snmp oracle CWE-415
4.0
2018-10-08 CVE-2018-18066 NULL Pointer Dereference vulnerability in multiple products
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
network
low complexity
net-snmp netapp CWE-476
5.0
2018-10-08 CVE-2018-18065 NULL Pointer Dereference vulnerability in multiple products
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
4.0
2018-03-07 CVE-2018-1000116 Out-of-bounds Write vulnerability in multiple products
NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the UDP protocol handler that can result in command execution.
network
low complexity
net-snmp debian CWE-787
7.5
2015-11-10 CVE-2015-8100 Information Exposure vulnerability in Net-Snmp
The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
local
low complexity
net-snmp CWE-200
2.1
2015-08-19 CVE-2015-5621 Data Processing Errors vulnerability in Net-Snmp
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
network
low complexity
net-snmp CWE-19
7.5