English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

Net-snmp Net-snmp 5.4.2.1

CPE Details

Net-snmp Net-snmp 5.4.2.1
net-snmp
net-snmp
5.4.2.1
2023-12-08 23:30 +00:00
2023-12-08 23:30 +00:00
CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.
Alert management

CPE Name: cpe:2.3:a:net-snmp:net-snmp:5.4.2.1:*:*:*:*:*:*:*

Informations

Vendor

net-snmp

Product

net-snmp

Version

5.4.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-15861 2020-08-19 16:28 +00:00 Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
7.8
HIGH
CVE-2020-15862 2020-08-18 22:00 +00:00 Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
7.8
HIGH
CVE-2019-20892 2020-06-25 07:07 +00:00 net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
6.5
MEDIUM
CVE-2018-18065 2018-10-08 16:00 +00:00 _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
6.5
MEDIUM
CVE-2018-18066 2018-10-08 16:00 +00:00 snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
7.5
HIGH
CVE-2015-8100 2015-11-10 01:00 +00:00 The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.
2.1
CVE-2015-5621 2015-08-19 13:00 +00:00 The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
7.5
CVE-2014-3565 2014-10-07 12:00 +00:00 snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message.
5
CVE-2012-6151 2013-12-13 16:00 +00:00 Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
4.3
CVE-2008-6123 2009-02-12 15:00 +00:00 The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."
5

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.