CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20297 – NetworkManager: Profile with match.path setting triggers crash
https://notcve.org/view.php?id=CVE-2021-20297
15 Apr 2021 — A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. Se encontró un fallo en NetworkManager en versiones anteriores a 1.30.0. Ajustando el archivo match.path y activando un perfil bloquea NetworkManager. • https://bugzilla.redhat.com/show_bug.cgi?id=1943282 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10754 – NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults
https://notcve.org/view.php?id=CVE-2020-10754
08 Jun 2020 — It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely. Se encontró que nmcli, una interfaz de línea de comandos para NetworkManager no respetaba las configuraciones 802-1x.ca-path y 802-1x.phase2-ca-path, cuando se crea un nuevo perfil. Cuando un usuario se conecta a una red ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2012-1096 – GNOME NetworkManager 0.x - Local Arbitrary File Access
https://notcve.org/view.php?id=CVE-2012-1096
10 Mar 2020 — NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. NetworkManager versiones 0.9 y anteriores, permiten a usuarios locales utilizar certificados privados o claves privadas de otros usuarios cuando se realiza una conexión mediante la ruta del archivo al agregar una nueva conexión. • https://www.exploit-db.com/exploits/36887 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1000135
https://notcve.org/view.php?id=CVE-2018-1000135
20 Mar 2018 — GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. GNOME NetworkManager, en versiones 1.10.2 y anteriores, contiene... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2016-0764 – NetworkManager: Race condition allowing info leak
https://notcve.org/view.php?id=CVE-2016-0764
03 Nov 2016 — Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Una condición de carrera en Network Manager anterior a versión 1.0.12 como empaquetado en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Ente... • http://rhn.redhat.com/errata/RHSA-2016-2581.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2015-2924 – NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements
https://notcve.org/view.php?id=CVE-2015-2924
25 Sep 2015 — The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. La función receive_ra en rdisc/nm-lndp-rdisc.c en la implementación del protocolo Neighbor Discovery (ND) en la pila IPv6 en NetworkManager 1.x permite a atacantes remotos reconfigurar un ajuste de límite de... • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 5.5EPSS: 4%CPEs: 25EXPL: 0CVE-2015-0272 – NetworkManager: remote DoS using IPv6 RA with bogus MTU
https://notcve.org/view.php?id=CVE-2015-0272
23 Sep 2015 — GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. NOME NetworkManager permite a atacantes remotos causar una denegación de servicio (interrupción del tráfico IPv6) a través de un valor MTU manipulado en un mensaje Router Advertisement (RA) IPv6, una vulnerabilidad diferente a CVE-2015-8215. It was discovered that NetworkManager would set device... • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2011-3364 – NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
https://notcve.org/view.php?id=CVE-2011-3364
04 Nov 2011 — Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. Vulnerabilidad de lista negra incompleta en la función svEscape en e... • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-2176 – NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
https://notcve.org/view.php?id=CVE-2011-2176
02 Sep 2011 — GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. GNOME NetworkManager antes de v0.8.6 G no aplica correctamente el elemento auth_admin de PolicyKit, lo que permite a usuarios locales eludir restricciones intencionadas en el intercambio de redes inalámbricas a través de vectores no especificados. • http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1943
https://notcve.org/view.php?id=CVE-2011-1943
14 Jun 2011 — The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. La función destroy_one_secret en nm-setting-vpn.c en libnm-util en el paquete de NetworkManager v0.8.999-3.git20110526 en Fedora 15 crea una entrada de registro que contiene una contraseña del certificado, que permite a usuarios locales obtener i... • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6 • CWE-532: Insertion of Sensitive Information into Log File •