CVE-2025-27259

< 25.2

Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or

5.4MEDIUM

CVE-2025-27258

< 25.1

Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of

9.8CRITICAL

CVE-2024-25007

< 23.1

Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where I

7.1HIGH

CVE-2023-39909

< 23.2

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM app

8.8HIGH

CVE-2022-46408

< 22.1

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (

6.8MEDIUM

CVE-2022-46407

< 22.2

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open

4.8MEDIUM

CVE-2021-32570

< 21.2

In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data

4.9MEDIUM

CVE-2021-28488

< 21.2

Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available

6.5MEDIUM

CVE-2021-20297

< 1.30.0

A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a profile crashes NetworkManager.

5.5MEDIUM

CVE-2020-10754

< 1.22.14

It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path and 802-1x.phase2-ca-path settin

4.3MEDIUM

CVE-2012-1096

<= 0.9.0

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via th

5.5MEDIUM

CVE-2019-10786

<= 1.0.2

network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument.

9.8CRITICAL

CVE-2006-7246

>= 0.9.0 and <= 0.9.9.98

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

6.8MEDIUM

CVE-2012-2736

all versions

In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecu

4.4MEDIUM

CVE-2018-1000135

<= 1.10.2

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can r

7.5HIGH

CVE-2016-0764

<= 1.0.8

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC No

6.2MEDIUM

CVE-2015-0272

< 1.2.0

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an

CVE-2015-2924

<= 1.0.7

The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Netwo

CVE-2015-1322

<= 0.9.8.7

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.

CVE-2011-2176

<= 0.8.4

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypas

CVE-2011-1943

< 0.8.9997

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15

CVE-2009-4145

all versions

nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI,

CVE-2009-4144

all versions

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterpri

CVE-2005-2410

< 0.4.1

Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary cod