VYPR

rpm package

opensuse/fwupd&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/fwupd&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2022-3287Sep 28, 2022
    affected < 1.8.6-1.1fixed 1.8.6-1.1

    When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

  • CVE-2020-10759Sep 15, 2020
    affected < 1.5.8-1.5fixed 1.5.8-1.5

    A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or