CVSS: 9.8EPSS: 38%CPEs: 3EXPL: 1CVE-2008-2292 – Net-SNMP 5.1.4/5.2.4/5.4.1 Perl Module - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-2292
18 May 2008 — Buffer overflow in the __snprint_value function in snmp_get in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP). Desbordamiento de búfer en la función __snprint_value de snmp_get en Net-SNMP 5.1.4, 5.2.4 y 5.4.1, como se usa en SNMP.xs para Perl, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar c... • https://www.exploit-db.com/exploits/7100 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 34%CPEs: 1EXPL: 0CVE-2007-5846 – net-snmp remote DoS via udp packet
https://notcve.org/view.php?id=CVE-2007-5846
06 Nov 2007 — The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value. El agente SNMP (snmp_agent.c) en net-snmp versiones anteriores a 5.4.1, permite a atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) por medio de una petición GETBULK con un valor de max-repeaters largo. • http://bugs.gentoo.org/show_bug.cgi?id=198346 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6305
https://notcve.org/view.php?id=CVE-2006-6305
06 Dec 2006 — Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access. Vulnerabilidad no especificada en Net-SNMP 5.3 anterior a 5.3.0.1, cuando está configurado para que use las señales (tokens) de snmpd.conf rocommunity y rouser, provoca que Net-SNMP otorgue permisos de escritura a usuarios o comunidades que solo tenían permisos de lectura. • http://net-snmp.sourceforge.net/about/ChangeLog.html •
CVSS: 10.0EPSS: 13%CPEs: 14EXPL: 1CVE-2005-4837
https://notcve.org/view.php?id=CVE-2005-4837
31 Dec 2005 — snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177. • http://secunia.com/advisories/25114 • CWE-16: Configuration CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2005-2811
https://notcve.org/view.php?id=CVE-2005-2811
07 Sep 2005 — Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. • http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml •
CVSS: 7.5EPSS: 12%CPEs: 14EXPL: 0CVE-2005-2177
https://notcve.org/view.php?id=CVE-2005-2177
10 Jul 2005 — Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop. • http://secunia.com/advisories/15930 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2005-1740
https://notcve.org/view.php?id=CVE-2005-1740
24 May 2005 — fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. • http://secunia.com/advisories/15471 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2003-0935
https://notcve.org/view.php?id=CVE-2003-0935
12 Nov 2003 — Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed. Net-SNMP anteriores a 5.0.9 permite a un usuario o comunidad acceder a datos en objetos MIB , incluso si no está perimtido que los datos sean vistos. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778 •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1170
https://notcve.org/view.php?id=CVE-2002-1170
11 Oct 2002 — The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. La función handle_var_requests en snmp_agent.c del demonio SNMP en el paquete Net-SNMP (antes ucd-snmp) 5.0.1, 5.0.3, y 5.0.4.pre2, permite a atacantes remotos causar una denegación de servicio (caida) mediante una desreferencia nula (NULL). • http://marc.info/?l=bugtraq&m=103359362020365&w=2 •