CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 3CVE-2002-1570 – Net-SNMP 4.2.3 - snmpnetstat Remote Heap Overflow
https://notcve.org/view.php?id=CVE-2002-1570
Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array. Desbordamiento de búfer basado en la pila in snmpnetstat en ucd-snmp 4.2.3 y anteriores y net-snmp, permita atacantes remotos ejecutar código arbitrario múltiples mensajes PDU getnextrequest con variables ifindex en conflicto, que hace que snmpnetstat escriba datos de variables más allá del fin del array. • https://www.exploit-db.com/exploits/21200 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696 http://www.securityfocus.com/archive/1/248141 http://www.securityfocus.com/bid/3780 https://exchange.xforce.ibmcloud.com/vulnerabilities/7776 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1170
https://notcve.org/view.php?id=CVE-2002-1170
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference. La función handle_var_requests en snmp_agent.c del demonio SNMP en el paquete Net-SNMP (antes ucd-snmp) 5.0.1, 5.0.3, y 5.0.4.pre2, permite a atacantes remotos causar una denegación de servicio (caida) mediante una desreferencia nula (NULL). • http://marc.info/?l=bugtraq&m=103359362020365&w=2 http://sourceforge.net/forum/forum.php?forum_id=216532 http://www.idefense.com/advisory/10.02.02.txt http://www.redhat.com/support/errata/RHSA-2002-228.html http://www.securityfocus.com/bid/5862 https://exchange.xforce.ibmcloud.com/vulnerabilities/10250 •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 0CVE-2002-0012
https://notcve.org/view.php?id=CVE-2002-0012
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Vulnerabilidades en un elevado número de implementaciones SNMP permite que atacantes remotos provoquen una denegación del servicio u obtengan privilegios debido al manejo del mensaje trap de SNMPv1 (como se ha demostrado por medio del suite PROTOS c06-SNMv1). • ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A http://www.cert.org/advisories/CA-2002-03.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html http://www.iss.net/security_center/alerts/advise110.php http://www.kb.cert.org/vuls/id/107186 http://www.redhat.com/support/errata/RHSA-2001-163.html http://www.securityfocus.com/advisories/4211 http://www.securityfocus.com/bid/5043 https://docs.microsoft.com/en-us/security- • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 1EXPL: 1CVE-2002-0013 – Cisco IOS 11/12 - SNMP Message Denial of Service
https://notcve.org/view.php?id=CVE-2002-0013
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. Vulnerabilidades en un elevado número de implementaciones SNMP permite que atacantes remotos provoquen una denegación del servicio u obtengan privilegios debido al manejo de los mensajes GetRequest, GetNextRequest y Set Requests de SNMPv1 (como se ha demostrado por medio del suite PROTOS c06-SNMv1). • https://www.exploit-db.com/exploits/21296 ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A http://sunsolve.sun.com/search/document.do?assetkey=1-26-57404-1 http://www.cert.org/advisories/CA-2002-03.html http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html http://www.iss.net/security_center/alerts/advise110.php http://www.kb.cert.org/vuls/id/854306 http://www.redhat.com/support/errata/RHSA-2001-163.html https://docs. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-1999-0472
https://notcve.org/view.php?id=CVE-1999-0472
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0472 •