23 matches found
EUVD-2022-42683
Malicious code in bioql PyPI...
TencentOS Server 4: fwupd (TSSA-2025:0084)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0084 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2022-3287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction,...
RHEL 8 : fwupd (RHSA-2024:1106)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1106 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
Oracle Linux 8 : fwupd (ELSA-2023-7189)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-7189 advisory. 1.7.8-2.0.1 - Modify %prep to correctly apply downstream patches - Align sections to 512 bytes Orabug: 35265981 - Use objcopy to build arm/aarch64 binaries if...
CentOS 8 : fwupd (CESA-2023:7189)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:7189 advisory. - When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction,...
RHEL 8 : fwupd (RHSA-2023:7189)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:7189 advisory. The fwupd packages provide a service that allows session software to update device firmware. Security Fixes: fwupd: world readable password in...
Oracle Linux 9 : fwupd (ELSA-2023-2487)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2487 advisory. 1.8.10-2.0.1 - Drop pesign.service restart in postun Orabug: 34760075 - Update signing certificate JIRA: OLDIS-16371 - Rebuild for SecureBoot signature...
SUSE CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
fwupd information disclosure vulnerability
fwupd is a plugin that supports firmware updates for session software on Linux platforms. fwupd 1.8.5 previously contained an information disclosure vulnerability that stemmed from the fact that when creating an OPERATOR user account on BMC, the redfish plugin saved the automatically generated...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
DEBIAN-CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
UBUNTU-CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
Authorization
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
CVE-2022-3287 affects fwupd where the Redfish plugin saved the auto-generated BMC password to /etc/fwupd/redfish.conf with insufficient access restriction, enabling any local user to read the password. Impact is confidentiality of credentials (high), with no remote exploitation details provided i...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...