Vulnerabilities > Gnome > Networkmanager > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-06-08 CVE-2020-10754 Missing Authentication for Critical Function vulnerability in multiple products
It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings, when creating a new profile.
network
low complexity
gnome fedoraproject CWE-306
4.3
2020-03-10 CVE-2012-1096 Improper Certificate Validation vulnerability in multiple products
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
local
low complexity
gnome debian CWE-295
4.9
2018-03-20 CVE-2018-1000135 Information Exposure vulnerability in multiple products
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN.
network
low complexity
gnome canonical CWE-200
5.0
2011-11-04 CVE-2011-3364 Unspecified vulnerability in Gnome Ifcfg-Rh Plug-In
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
local
gnome
6.9
2009-12-23 CVE-2009-4144 Cryptographic Issues vulnerability in Gnome Networkmanager 0.7.2
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
network
gnome CWE-310
6.8