CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-20297 – NetworkManager: Profile with match.path setting triggers crash
https://notcve.org/view.php?id=CVE-2021-20297
15 Apr 2021 — A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. Se encontró un fallo en NetworkManager en versiones anteriores a 1.30.0. Ajustando el archivo match.path y activando un perfil bloquea NetworkManager. • https://bugzilla.redhat.com/show_bug.cgi?id=1943282 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10754 – NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults
https://notcve.org/view.php?id=CVE-2020-10754
08 Jun 2020 — It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely. Se encontró que nmcli, una interfaz de línea de comandos para NetworkManager no respetaba las configuraciones 802-1x.ca-path y 802-1x.phase2-ca-path, cuando se crea un nuevo perfil. Cuando un usuario se conecta a una red ... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2012-1096 – GNOME NetworkManager 0.x - Local Arbitrary File Access
https://notcve.org/view.php?id=CVE-2012-1096
10 Mar 2020 — NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. NetworkManager versiones 0.9 y anteriores, permiten a usuarios locales utilizar certificados privados o claves privadas de otros usuarios cuando se realiza una conexión mediante la ruta del archivo al agregar una nueva conexión. • https://www.exploit-db.com/exploits/36887 • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 3CVE-2006-7246
https://notcve.org/view.php?id=CVE-2006-7246
27 Jan 2020 — NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. NetworkManager versiones 0.9.x, no fija un asunto del certificado en un ESSID cuando es usada la autenticación 802.11X. • http://www.openwall.com/lists/oss-security/2010/04/22/2 • CWE-295: Improper Certificate Validation •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 1CVE-2012-2736
https://notcve.org/view.php?id=CVE-2012-2736
26 Dec 2019 — In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. En NetworkManager versión 0.9.2.0, cuando una nueva red inalámbrica fue creada con seguridad WPA/WPA2 en modo AdHoc, creó una red abierta y no segura. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-1000135
https://notcve.org/view.php?id=CVE-2018-1000135
20 Mar 2018 — GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. GNOME NetworkManager, en versiones 1.10.2 y anteriores, contiene... • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 1%CPEs: 25EXPL: 0CVE-2015-0272 – NetworkManager: remote DoS using IPv6 RA with bogus MTU
https://notcve.org/view.php?id=CVE-2015-0272
23 Sep 2015 — GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. NOME NetworkManager permite a atacantes remotos causar una denegación de servicio (interrupción del tráfico IPv6) a través de un valor MTU manipulado en un mensaje Router Advertisement (RA) IPv6, una vulnerabilidad diferente a CVE-2015-8215. It was discovered that NetworkManager would set device... • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2011-3364 – NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
https://notcve.org/view.php?id=CVE-2011-3364
04 Nov 2011 — Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. Vulnerabilidad de lista negra incompleta en la función svEscape en e... • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-2176 – NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
https://notcve.org/view.php?id=CVE-2011-2176
02 Sep 2011 — GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. GNOME NetworkManager antes de v0.8.6 G no aplica correctamente el elemento auth_admin de PolicyKit, lo que permite a usuarios locales eludir restricciones intencionadas en el intercambio de redes inalámbricas a través de vectores no especificados. • http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2011-1943
https://notcve.org/view.php?id=CVE-2011-1943
14 Jun 2011 — The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. La función destroy_one_secret en nm-setting-vpn.c en libnm-util en el paquete de NetworkManager v0.8.999-3.git20110526 en Fedora 15 crea una entrada de registro que contiene una contraseña del certificado, que permite a usuarios locales obtener i... • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6 • CWE-532: Insertion of Sensitive Information into Log File •