Vulnerabilities > Gnome > Networkmanager

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2021-20297 Improper Input Validation vulnerability in multiple products
A flaw was found in NetworkManager in versions before 1.30.0.
local
low complexity
gnome redhat fedoraproject CWE-20
2.1
2020-06-08 CVE-2020-10754 Missing Authentication for Critical Function vulnerability in multiple products
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile.
network
low complexity
gnome fedoraproject CWE-306
4.3
2020-03-10 CVE-2012-1096 Improper Certificate Validation vulnerability in multiple products
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
local
low complexity
gnome debian CWE-295
4.9
2020-01-27 CVE-2006-7246 Improper Certificate Validation vulnerability in multiple products
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
high complexity
gnome opensuse suse CWE-295
3.2
2019-12-26 CVE-2012-2736 Missing Authentication for Critical Function vulnerability in multiple products
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
3.3
2018-03-20 CVE-2018-1000135 Information Exposure vulnerability in multiple products
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN.
network
low complexity
gnome canonical CWE-200
5.0
2011-11-04 CVE-2011-3364 Unspecified vulnerability in Gnome Ifcfg-Rh Plug-In
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
local
gnome
6.9
2011-09-02 CVE-2011-2176 Improper Authentication vulnerability in Gnome Networkmanager
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
local
low complexity
gnome CWE-287
2.1
2011-06-14 CVE-2011-1943 Information Exposure Through Log Files vulnerability in multiple products
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
local
low complexity
gnome fedoraproject CWE-532
2.1
2009-12-23 CVE-2009-4145 Information Exposure vulnerability in Gnome Networkmanager 0.7.2
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
local
low complexity
gnome CWE-200
2.1