13 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. Se encontró un fallo en NetworkManager en versiones anteriores a 1.30.0. Ajustando el archivo match.path y activando un perfil bloquea NetworkManager. • https://bugzilla.redhat.com/show_bug.cgi?id=1943282 https://access.redhat.com/security/cve/CVE-2021-20297 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely. Se encontró que nmcli, una interfaz de línea de comandos para NetworkManager no respetaba las configuraciones 802-1x.ca-path y 802-1x.phase2-ca-path, cuando se crea un nuevo perfil. Cuando un usuario se conecta a una red usando este perfil, la autenticación no ocurre y la conexión se realiza de forma no segura A flaw was found in nmcli, where the command-line interface to the NetworkManager did not accept the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and an insecure connection occurs. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10754 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/44FTVXWKDYIAMOOP2PZMUY3D2QNWAVBZ https://access.redhat.com/security/cve/CVE-2020-10754 https://bugzilla.redhat.com/show_bug.cgi?id=1841041 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. NetworkManager versiones 0.9 y anteriores, permiten a usuarios locales utilizar certificados privados o claves privadas de otros usuarios cuando se realiza una conexión mediante la ruta del archivo al agregar una nueva conexión. • https://www.exploit-db.com/exploits/36887 http://www.openwall.com/lists/oss-security/2012/03/02/3 https://access.redhat.com/security/cve/cve-2012-1096 https://bugzilla.gnome.org/show_bug.cgi?id=793329 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1096 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-1096 https://security-tracker.debian.org/tracker/CVE-2012-1096 • CWE-295: Improper Certificate Validation •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time. GNOME NetworkManager, en versiones 1.10.2 y anteriores, contiene una vulnerabilidad de exposición de información (CWE-200) en la resolución DNS que puede resultar en el filtrado de consultas DNS privadas en los servidores DNS de las redes locales mientras se está en una VPN. Aparentemente, esta vulnerabilidad ha sido solucionada en algunos paquetes de Ubuntu 16.04, pero las posteriores actualizaciones eliminaron esta solución. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 no parece que exista actualmente una solución ascendente. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.html http://www.securityfocus.com/bid/103478 https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671 https://bugzilla.gnome.org/show_bug.cgi?id=746422 https://bugzilla.redhat.com/show_bug.cgi?id=1553634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Una condición de carrera en Network Manager anterior a versión 1.0.12 como empaquetado en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7 y Red Hat Enterprise Linux Workstation 7, permite a los usuarios locales obtener información de conexión confidencial mediante la lectura de archivos temporales durante cambios de ifcfg y keyfile. A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. • http://rhn.redhat.com/errata/RHSA-2016-2581.html https://bugzilla.redhat.com/show_bug.cgi?id=1324025 https://access.redhat.com/security/cve/CVE-2016-0764 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •