rpm package
almalinux/fwupd-devel
pkg:rpm/almalinux/fwupd-devel
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-3287 | — | < 1.8.10-2.el9.alma | 1.8.10-2.el9.alma | Sep 28, 2022 | When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | ||
| CVE-2022-34303 | — | < 1.8.10-2.el9.alma | 1.8.10-2.el9.alma | Aug 26, 2022 | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader | ||
| CVE-2022-34302 | — | < 1.8.10-2.el9.alma | 1.8.10-2.el9.alma | Aug 26, 2022 | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed | ||
| CVE-2022-34301 | — | < 1.8.10-2.el9.alma | 1.8.10-2.el9.alma | Aug 26, 2022 | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signe |
- CVE-2022-3287Sep 28, 2022affected < 1.8.10-2.el9.almafixed 1.8.10-2.el9.alma
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
- CVE-2022-34303Aug 26, 2022affected < 1.8.10-2.el9.almafixed 1.8.10-2.el9.alma
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader
- CVE-2022-34302Aug 26, 2022affected < 1.8.10-2.el9.almafixed 1.8.10-2.el9.alma
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed
- CVE-2022-34301Aug 26, 2022affected < 1.8.10-2.el9.almafixed 1.8.10-2.el9.alma
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signe