20 matches found
MiracleLinux 8 : fwupd-1.7.8-2.el8.ML.1 (AXSA:2023-7312:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7312:04 advisory. fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 Tenable has extracted the preceding description block directly from the MiracleLinux...
TencentOS Server 4: fwupd (TSSA-2025:0084)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0084 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 3: fwupd (TSSA-2023:0301)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0301 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2022-3287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction,...
RHEL 8 : fwupd (RHSA-2024:1403)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1403 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
RHEL 8 : fwupd (RHSA-2024:1106)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1106 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
Rocky Linux 8 : fwupd (RLSA-2023:7189)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:7189 advisory. - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction,...
Oracle Linux 8 : fwupd (ELSA-2023-7189)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7189 advisory. 1.7.8-2.0.1 - Modify %prep to correctly apply downstream patches - Align sections to 512 bytes Orabug: 35265981 - Use objcopy to build arm/aarch64 binaries if...
ALSA-2023:7189 Moderate: fwupd security update
The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: fwupd security update
The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
CentOS 8 : fwupd (CESA-2023:7189)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7189 advisory. - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction,...
RHEL 9 : fwupd (RHSA-2023:2487)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2487 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password ...
Moderate: Red Hat Security Advisory: fwupd security and bug fix update
An update for fwupd is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2023:2487 Moderate: fwupd security and bug fix update
The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 shim: 3rd party shim allow secure boot bypass CVE-2022-34301 shim: 3rd party shim allow secure boot bypass...
Moderate: fwupd security and bug fix update
The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in /etc/fwupd/redfish.conf CVE-2022-3287 shim: 3rd party shim allow secure boot bypass CVE-2022-34301 shim: 3rd party shim allow secure boot bypass...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
CVE-2022-3287 affects fwupd where the Redfish plugin saved the auto-generated BMC password to /etc/fwupd/redfish.conf with insufficient access restriction, enabling any local user to read the password. Impact is confidentiality of credentials (high), with no remote exploitation details provided i...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...