Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices
Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...
AlmaLinux 8 : gnome-software and fwupd (ALSA-2020:4436)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4436 advisory. - A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is...
CVE-2021-20156
Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that could allow for a malicious firmware update. It is possible to manually install firmware that may be malicious in nature as there does not appear to be any signature validation done to determine if i...
PT-2021-7664 · Western Digital · Western Digital My Cloud
Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud devices before OS5 Description: The issue is related to incorrect cryptographic signature verification in the Western Digital MyCloud PR4100 firmware. This could allow a remote attacker to execute arbitrary code. The...
SUSE: Security Advisory (SUSE-SU-2020:1681-1)
The remote host is missing an update for the...
MGASA-2021-0158 Updated fwupd packages fix a security vulnerability
A PGP signature bypass was found in fwupd, which could lead to possible installation of unsigned firmware (CVE-2020-10759)...
CVE-2020-29438
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip...
Tesla Model X Data Falsification Issue Vulnerability
The Tesla Model X is a new energy vehicle from the American company Tesla. Tesla Model X vehicles prior to 2020-11-23 suffer from a security vulnerability that stems from having key fobs that can accept firmware updates without signature verification. This allows an attacker to...
Barco wePresent WiPG-1600W Security Vulnerability
The Barco wePresent WiPG-1600W is a management device for use in conference environments from Barco Belgium. A security vulnerability exists in the Barco wePresent WiPG-1600W that stems from not performing validation of digitally signed firmware updates and the ease of handling and installi...
Oracle Linux 8 : gnome-software / and / fwupd (ELSA-2020-4436)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4436 advisory. - Add signing with redhatsecureboot503 cert Related: CVE-2020-10713 - Security fix for CVE-2020-10759 Tenable has extracted the preceding description block...
fwupd: Possible bypass in signature verification
A PGP signature bypass flaw was found in fwupd, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd...
CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...
DEBIAN-CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...
Design/Logic Flaw
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...
OPENSUSE-SU-2020:0849-1 Security update for fwupd
This update for fwupd fixes the following issues: - CVE-2020-10759: Fixed a potential PGP signature bypass, which could have led to installation of unsigned firmware bsc1172643 This update was imported from the SUSE:SLE-15-SP1:Update update project...
SUSE-SU-2020:1681-1 Security update for fwupd
This update for fwupd fixes the following issues: - CVE-2020-10759: Fixed a potential PGP signature bypass, which could have led to installation of unsigned firmware bsc1172643...
USN-4395-1: fwupd vulnerability
Justin Steven discovered that fwupd incorrectly handled certain signature verification. An attacker could possibly use this issue to install an unsigned firmware...