12 matches found
CVE-2021-20297
Summary: CVE-2021-20297 affects NetworkManager prior to 1.30.0, where configuring a profile with match.path and activating it can crash the daemon, with impact on availability. Affected : NetworkManager (versions before 1.30.0). Root cause : match.path handling in profile activation leads to a cr...
CVE-2015-0272
CVE-2015-0272 affects GNOME NetworkManager and allows remote denial of service via a crafted MTU value in IPv6 Router Advertisement messages. Public advisories (IBM PowerKVM bulletin and CentOS/Ubuntu/Debian disclosures) show patches and updated NetworkManager packages to fix the issue; remediati...
CVE-2018-1000135
CVE-2018-1000135 affects GNOME NetworkManager 1.10.2 and earlier, with an information-exposure flaw in the DNS resolver that can leak private DNS queries to local network DNS servers, including over VPN. The initial report notes an upstream fix did not appear to be publicly available and that Ubu...
CVE-2020-10754
CVE-2020-10754 affects NetworkManager via nmcli, where 802-1x.ca-path and 802-1x.phase2-ca-path are not honoured when creating a new profile. This can allow a user to connect to a network without proper authentication, resulting in an insecure connection. Public references in connected documents ...
CVE-2012-2736
CVE-2012-2736 affects NetworkManager 0.9.2.0. When a new wireless network is created with WPA/WPA2 security in AdHoc mode, the process can create an open/insecure network rather than a secure one. This has been observed in multiple feeds (NVD, OSV, SUSE, Debian trackers, etc.). The CVSS metrics i...
CVE-2011-2176
CVE-2011-2176 affects GNOME NetworkManager prior to 0.8.6 where PolicyKit auth_admin is not properly enforced, allowing local users to bypass wireless network sharing restrictions. The MiracleLinux Nessus notes CVE-2011-2176 as a remediation item in NetworkManager 0.8.x, and other advisories cite...
CVE-2006-7246
CVE-2006-7246 affects NetworkManager 0.9.x, where the code path used for 802.11X authentication does not pin a certificate’s subject to the ESSID. The root cause is a failure to bind the server certificate to the specific wireless network, potentially allowing credential exposure or man-in-the-mi...
CVE-2009-4145
CVE-2009-4145 affects NetworkManager (NM) 0.7.x via the nm-connection-editor D-Bus interface. The vulnerability arises because NM exports connection objects over D-Bus when actions are performed in the connection editor GUI, allowing a local user to read D-Bus signals and disclose sensitive infor...
CVE-2009-4144
CVE-2009-4144 affects NetworkManager 0.7.x (e.g., NM 0.7.2). The CA certificate file for WPA Enterprise/802.1x could be missing at connection time, allowing a remote attacker to spoof a wireless network and potentially obtain sensitive information or cause connectivity disruption. Multiple adviso...
CVE-2012-1096
CVE-2012-1096 affects NetworkManager 0.9 and earlier. The flaw allows local users to access other users’ certificates or private keys when establishing a connection via a file path during addition of a new connection. This is a local-attack exposure with a confidentiality impact reported as high ...
CVE-2011-1943
CVE-2011-1943 affects NetworkManager 0.8.999-3.git20110526 in Fedora 15, where the destroy_one_secret function in nm-setting-vpn.c (libnm-util) logs a certificate password. The log entry can be read by local users, allowing disclosure of sensitive information. Impact is limited to confidentiality...
CVE-2005-2410
The CVE-2005-2410 entry concerns NetworkManager’s nm_info_handler, where a format string vulnerability arises from improper handling of a Wireless Access Point identifier in a syslog call. The impact described in the sources is remote code execution via crafted input, with attack vector over the ...