National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:net-snmp:net-snmp:5.0.7
There are 14 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-18066

snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Published: October 08, 2018; 02:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-18065

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.

Published: October 08, 2018; 02:29:00 PM -04:00
V3.0: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2015-8100

The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.

Published: November 09, 2015; 10:59:02 PM -05:00
    V2: 2.1 LOW
CVE-2015-5621

The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

Published: August 19, 2015; 11:59:09 AM -04:00
    V2: 7.5 HIGH
CVE-2014-3565

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.

Published: October 07, 2014; 10:55:04 AM -04:00
    V2: 5.0 MEDIUM
CVE-2014-2285

The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptrapd crash) via an empty community string in an SNMP trap, which triggers a NULL pointer dereference within the newSVpv function in Perl.

Published: April 27, 2014; 06:55:05 PM -04:00
    V2: 4.3 MEDIUM
CVE-2014-2310

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Published: April 17, 2014; 10:55:11 AM -04:00
    V2: 5.0 MEDIUM
CVE-2012-6151

Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.

Published: December 13, 2013; 01:55:04 PM -05:00
    V2: 4.3 MEDIUM
CVE-2007-5846

The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.

Published: November 06, 2007; 04:46:00 PM -05:00
    V2: 7.8 HIGH
CVE-2005-4837

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

Published: December 31, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2005-2811

Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.

Published: September 07, 2005; 02:03:00 PM -04:00
    V2: 4.6 MEDIUM
CVE-2005-2177

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.

Published: July 11, 2005; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2005-1740

fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.

Published: May 24, 2005; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2003-0935

Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.

Published: December 01, 2003; 12:00:00 AM -05:00
    V2: 6.4 MEDIUM