Gnome : Security Vulnerabilities, CVEs, Published In 2009 (Denial of service) CVSS score >= 5
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
Max CVSS
6.8
EPSS Score
1.42%
Published
2009-12-23
Updated
2017-09-19
The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain length value is consistent with the amount of data in a challenge packet, which allows remote mail servers to read information from the process memory of a client, or cause a denial of service (client crash), via an NTLM authentication type 2 packet with a length value that exceeds the amount of packet data.
Max CVSS
5.8
EPSS Score
0.27%
Published
2009-03-14
Updated
2017-09-29
2 vulnerabilities found