Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 2 of 2 results

CVE-2022-3287

Low priority
Vulnerable

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

1 affected packages

fwupd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fwupd Not affected Vulnerable Vulnerable Not affected Not affected
Show less packages

CVE-2020-10759

Medium priority
Fixed

A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor...

2 affected packages

fwupd, libjcat

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
fwupd Fixed Fixed Fixed Fixed
libjcat Not affected Not affected Not in release Not in release
Show less packages