
Debian Network-Manager vulnerabilities

15 known vulnerabilities affecting debian/network-manager.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 5, LOW 8

Vulnerabilities

CVE-2018-15688 | P3 | HIGH | CVSS 8.8 | fixed in network-manager 1.14.4-2 (bookworm) | 2018
[HIGH] network-manager - A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239. Scope: local. bookworm: resolved (fixed in 1.14.4-2); bullseye: resolved (fixed in 1.14.4-2); forky: resolved (fixed in 1.14.4-2); sid: resolved (fixed in 1.1
debian
CVE-2018-1000135 | P3 | HIGH | CVSS 7.5 | fixed in network-manager 1.12.0-2 (bookworm) | 2018
[HIGH] network-manager - GNOME NetworkManager version 1.10.2 and earlier contains an Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.laun
debian
CVE-2006-7246 | P4 | MEDIUM | CVSS 6.8 | fixed in network-manager 0.9.4.0-1 (bookworm) | 2006
[MEDIUM] network-manager - NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. Scope: local. bookworm: resolved (fixed in 0.9.4.0-1); bullseye: resolved (fixed in 0.9.4.0-1); forky: resolved (fixed in 0.9.4.0-1); sid: resolved (fixed in 0.9.4.0-1); trixie: resolved (fixed in 0.9.4.0-1)
debian
CVE-2009-4144 | P4 | LOW | CVSS 6.8 | fixed in network-manager-applet 0.7.2-2 (bookworm) | 2009
[MEDIUM] network-manager - NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless n
debian
CVE-2015-0272 | P4 | MEDIUM | CVSS 5.0 | fixed in network-manager 1.0.4-1 (bookworm) | 2015
[MEDIUM] network-manager - GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. Scope: local. bookworm: resolved (fixed in 1.0.4-1); bullseye: resolved (fixed in 1.0.4-1); forky: resolved (fixed in 1.0.4-1); sid: resolved (fixed
debian
CVE-2016-0764 | P4 | MEDIUM | CVSS 6.2 | fixed in network-manager 1.1.91-1 (bookworm) | 2016
[MEDIUM] network-manager - Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Scope: local. bookworm:
debian
CVE-2020-10754 | P4 | LOW | CVSS 4.3 | fixed in network-manager 1.24.2-1 (bookworm) | 2020
[MEDIUM] network-manager - It was found that nmcli, a command line interface to NetworkManager, did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settings when creating a new profile. When a user connects to a network using this profile, the authentication does not happen and the connection is made insecurely. Scope: local. bookworm: resolved (fixed in 1.24.2-1); bullseye: resol
debian
CVE-2021-20297 | P4 | MEDIUM | CVSS 5.5 | fixed in network-manager 1.30.0-2 (bookworm) | 2021
[MEDIUM] network-manager - A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager. The highest threat from this vulnerability is to system availability. Scope: local. bookworm: resolved (fixed in 1.30.0-2); bullseye: resolved (fixed in 1.30.0-2); forky: resolved (fixed in 1.30.0-2); sid: resolved (fixed in 1.30.0-
debian
CVE-2012-2736 | P4 | LOW | CVSS 4.4 | fixed in network-manager 0.9.4.0-1 (bookworm) | 2012
[MEDIUM] network-manager - In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. Scope: local. bookworm: resolved (fixed in 0.9.4.0-1); bullseye: resolved (fixed in 0.9.4.0-1); forky: resolved (fixed in 0.9.4.0-1); sid: resolved (fixed in 0.9.4.0-1); trixie: resolved (fixed in 0.9.4.0-1)
debian
CVE-2025-9615 | P4 | LOW | CVSS 3.3 | fixed in network-manager 1.54.3-1 (forky) | 2025
[LOW] network-manager - A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection. Scope: local. bookworm: open; bullseye: open; forky: r
debian
CVE-2009-0365 | P4 | MEDIUM | CVSS 4.6 | fixed in network-manager 0.6.5-1 (bookworm) | 2009
[MEDIUM] network-manager - nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler. Scope: local. bookworm: resolved (fixed in 0.6.5-1); bullseye: resolved (fixed in 0.6.5-1); forky: resolved (fixed
debian
CVE-2015-2924 | P4 | LOW | CVSS 3.3 | fixed in network-manager 1.0.2-1 (bookworm) | 2015
[LOW] network-manager - The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. Scope: local. bookworm: resolved (fixed in 1.0.2-1); bullsey
debian
CVE-2024-6501 | P4 | LOW | CVSS 3.1 | fixed in network-manager 1.42.4-1+deb12u1 (bookworm) | 2024
[LOW] network-manager - A flaw was found in NetworkManager. When a system running NetworkManager with DEBUG logs enabled and an interface eth1 configured with LLDP enabled, a malicious user could inject a malformed LLDP packet. NetworkManager would crash, leading to a denial of service. Scope: local. bookworm: resolved (fixed in 1.42.4-1+deb12u1); bullseye: resolved; forky: resolved (fix
debian
CVE-2009-4145 | P4 | LOW | CVSS 2.1 | fixed in network-manager-applet 0.7.2-2 (bookworm) | 2009
[LOW] network-manager - nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network. Scope: local. bookworm: resolved; bullseye: resolved; forky: resolv
debian
CVE-2011-2176 | P4 | LOW | CVSS 2.1 | fixed in network-manager 0.9.0-1 (bookworm) | 2011
[LOW] network-manager - GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. Scope: local. bookworm: resolved (fixed in 0.9.0-1); bullseye: resolved (fixed in 0.9.0-1); forky: resolved (fixed in 0.9.0-1); sid: resolved (fixed in 0.9.0-1); tr
debian