Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
net-snmp vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-26602
ASUS ASMB8 iKVM firmware up to and including 1.14.51 allows remote malicious users to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
Asus Asmb8-ikvm Firmware
1 Github repository
8.8
CVSSv3
CVE-2022-36310
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.
Airspan Airvelocity 1500 Firmware
7.8
CVSSv3
CVE-2020-15861
Net-SNMP up to and including 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
Net-snmp Net-snmp
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Netapp Cloud Backup -
Netapp Smi-s Provider -
Netapp Solidfire \\& Hci Management Node -
7.8
CVSSv3
CVE-2020-15862
Net-SNMP up to and including 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.
Net-snmp Net-snmp
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Netapp Cloud Backup -
Netapp Smi-s Provider -
Netapp Solidfire -
Netapp Hci Management Node -
7.5
CVSSv3
CVE-2018-18066
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP prior to 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated malicious user to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Net-snmp Net-snmp
Netapp Storagegrid Webscale -
Netapp Solidfire Element Os -
Netapp Hyper Converged Infrastructure -
Netapp Cloud Backup -
Netapp Data Ontap -
Netapp E-series Santricity Os Controller
6.5
CVSSv3
CVE-2022-44793
handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.4.3 up to and including 5.9.3 has a NULL Pointer Exception bug that can be used by a remote malicious user to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Net-snmp Net-snmp
Debian Debian Linux 10.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
6.5
CVSSv3
CVE-2022-44792
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 up to and including 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker (who has write access) to cause the instance to crash via a crafted UDP packet, resulting in Denial of Servic...
Net-snmp Net-snmp
Debian Debian Linux 10.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
6.5
CVSSv3
CVE-2019-20892
net-snmp prior to 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release.
Net-snmp Net-snmp
Oracle Zfs Storage Appliance Kit 8.8
6.5
CVSSv3
CVE-2018-18065
_set_key in agent/helpers/table_container.c in Net-SNMP prior to 5.8 has a NULL Pointer Exception bug that can be used by an authenticated malicious user to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Net-snmp Net-snmp
Debian Debian Linux 9.0
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 12.04
Netapp Cloud Backup -
Netapp E-series Santricity Os Controller
Netapp Data Ontap -
Netapp Storagegrid Webscale -
Netapp Hyper Converged Infrastructure -
Netapp Solidfire Element Os -
Paloaltonetworks Pan-os
1 EDB exploit
NA
CVE-2022-24809
net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Us...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »