
19 matches found

AstraLinux
added 2026/05/03 11:59 p.m. · 7 views

Astra Linux – Vulnerability in Network-Manager

It was found that nmcli, a command-line interface for NetworkManager, does not honor the 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, authentication does not occur, and the connection is made insecurely...

CVSS 4.3 · AI score 6.2 · EPSS 0.00983
Exploits: 0 · References: 2

RedhatCVE
added 2026/01/09 9:4 a.m. · 12 views

CVE-2024-39810

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

CVSS 4.9 · AI score 5 · EPSS 0.00456
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-38242

Malicious code in bioql PyPI...

CVSS 4.9 · AI score 6.4 · EPSS 0.00456
Exploits: 0 · References: 1

Hacker One
added 2025/05/01 5:57 a.m. · 7 views

curl: [High] MITM via Insecure CA Path Handling in cURL (--capath, CURLOPT_CAPATH) (CWE-494: Download of Code Without Integrity Check)

Summary: The --capath option in cURL and CURLOPT_CAPATH in libcurl accept any directory path without validation. If an attacker provides a custom CA path containing a fake root certificate, cURL will trust malicious HTTPS endpoints signed with that fake root. This allows for full Man-in-the-Middle...

CVSS 9.8 · AI score 7.2 · EPSS 0.04325
Exploits: 1

Tenable Nessus
added 2024/10/18 12:0 a.m. · 14 views

Mattermost Server 9.5.x < 9.5.8 / 9.10.x < 9.10.1 (MMSA-2024-00359)

The version of Mattermost Server installed on the remote host is prior to 9.5.8 or 9.10.1. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00359 advisory. - Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the...

CVSS 4.9 · AI score 5.6 · EPSS 0.00456
Exploits: 0 · References: 2

OSV
added 2024/08/22 7:15 a.m. · 15 views

CVE-2024-39810

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

CVSS 4.9 · AI score 7
Exploits: 0 · References: 1

NVD
added 2024/08/22 7:15 a.m. · 18 views

CVE-2024-39810

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

CVSS 4.9 · EPSS 0.00456
Exploits: 0 · References: 1

CVE
added 2024/08/22 6:30 a.m. · 64 views

CVE-2024-39810

Mattermost Server vulnerable versions: 9.5.x up to 9.5.7 and 9.10.x up to 9.10.0. The root cause is failure to time/size-limit the CA path file in the Elasticsearch configuration, allowing a System Role with access to the Elasticsearch console to set any file as a CA path (e.g., /dev/zero). After...

CVSS 4.9 · AI score 5.1 · EPSS 0.00456
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/08/22 6:30 a.m. · 22 views

CVE-2024-39810 Server crash via Elasticsearch certificate file

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

CVSS 4.9 · EPSS 0.00456
Exploits: 0 · References: 1

Vulnrichment
added 2024/08/22 6:30 a.m. · 15 views

CVE-2024-39810 Server crash via Elasticsearch certificate file

Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearch system console to add any file as a CA path field, such as /dev/zero and, after testing the...

CVSS 4.9 · AI score 6.8 · EPSS 0.00456
Exploits: 0 · References: 1

Positive Technologies
added 2024/08/22 12:0 a.m. · 5 views

PT-2024-28680 · Unknown · Mattermost +1

Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.7 Mattermost versions 9.10.x through 9.10.0 Description: The issue arises from the failure to time limit and size limit the CA path file in the ElasticSearch configuration. This allows a System Role with...

CVSS 4.9 · AI score 6.8 · EPSS 0.00456
Exploits: 0 · References: 6

Tenable Nessus
added 2023/09/07 12:0 a.m. · 19 views

Oracle Linux 8 : NetworkManager (ELSA-2020-3011)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-3011 advisory. 1:1.22.8-5 - dhcp: fix handling IO error in nettools DHCPv4 client rh 1843357 - ifcfg-rh: handle '802-1x.{,phase2-}ca-path' rh 1843360, CVE-2020-10754 Tenable has...

CVSS 4.3 · AI score 6.3 · EPSS 0.00983
Exploits: 0 · References: 2

CNNVD
added 2023/06/30 12:0 a.m. · 2 views

Perimeter 81 Security Vulnerability

Perimeter 81 is a cybersecurity experience platform from the Israeli company Perimeter 81. A security vulnerability exists in Perimeter 81 version 10.0.0.19, which originates from shell metacharacters in usingCAPath...

CVSS 7.8 · AI score 7.4 · EPSS 0.00578
Exploits: 1 · References: 4

OpenVAS
added 2021/03/05 12:0 a.m. · 11 views

Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2021-1529)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 · AI score 5.1 · EPSS 0.00983
Exploits: 0 · References: 2

OpenVAS
added 2020/12/01 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for NetworkManager (EulerOS-SA-2020-2499)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.3 · AI score 5.1 · EPSS 0.00983
Exploits: 0 · References: 2

Tenable Nessus
added 2020/12/01 12:0 a.m. · 30 views

EulerOS 2.0 SP9 : NetworkManager (EulerOS-SA-2020-2499)

According to the version of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when...

CVSS 4.3 · AI score 6.2 · EPSS 0.00983
Exploits: 0 · References: 2

Oracle linux
added 2020/07/24 12:0 a.m. · 38 views

NetworkManager security and bug fix update

1:1.22.8-5 - dhcp: fix handling IO error in nettools DHCPv4 client rh 1843357 - ifcfg-rh: handle '802-1x.{,phase2-}ca-path' rh 1843360, CVE-2020-10754...

CVSS 4.3 · AI score 0.6 · EPSS 0.00983
Exploits: 0

CVE
added 2020/06/08 5:16 p.m. · 143 views

CVE-2020-10754

CVE-2020-10754 affects NetworkManager via nmcli, where 802-1x.ca-path and 802-1x.phase2-ca-path are not honoured when creating a new profile. This can allow a user to connect to a network without proper authentication, resulting in an insecure connection. Public references in connected documents ...

CVSS 4.3 · AI score 4.8 · EPSS 0.00983
Exploits: 0 · References: 2 · Affected Software: 1

CNVD
added 2020/06/02 12:0 a.m. · 3 views

NetworkManager Access Control Error Vulnerability

NetworkManager is a network management daemon. A security vulnerability exists in NetworkManager that stems from the fact that nmcli command line interface does not enforce the 802-1x.ca-path and 802-1x.phase2-ca-path settings. No details of the vulnerability are available at this time...

CVSS 4.3 · AI score 9.2 · EPSS 0.00983
Exploits: 0 · References: 1