9 matches found
MiracleLinux 9 : fwupd-1.8.10-2.el9.ML.1 (AXSA:2023-5696:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5696:02 advisory. fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287); shim: 3rd party shim allow secure boot bypass (CVE-2022-34301); shim: 3rd party...
MiracleLinux 8 : fwupd-1.7.8-2.el8.ML.1 (AXSA:2023-7312:04)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-7312:04 advisory. fwupd: world readable password in /etc/fwupd/redfish.conf (CVE-2022-3287). Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2020-3175
Malware in sbrugna...
fwupd: world readable password in /etc/fwupd/redfish.conf
A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
PT-2023-36150 · Fwupd · Fwupd
Name of the Vulnerable Software and Affected Versions: fwupd (affected versions not specified). Description: The issue concerns a problem that is fixed by rebuilding the package with a new secure boot key. Recommendations: At the moment, there is no information about a newer version that contains a...
PT-2022-7456 · Linux +7 · Fwupd +7
Name of the Vulnerable Software and Affected Versions: fwupd (affected versions not specified). Description: The issue is related to the fwupd daemon for managing firmware updates in Linux-based systems. When creating an OPERATOR user account on the BMC, the redfish plugin saves the auto-generated...
PT-2022-37514 · Fwupd · Fwupd
Name of the Vulnerable Software and Affected Versions: fwupd (affected versions not specified). Description: The issue with fwupd involves ignoring non-PCI NVMe devices, such as NVMe-over-Fabrics, when probing. Additionally, the package was rebuilt with a new UEFI secure boot key. Recommendations: A...
AlmaLinux 8 : gnome-software and fwupd (ALSA-2020:4436)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4436 advisory. - A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is...
CVE-2020-10759
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions ...