Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:fwupd:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductFwupd (361893eb-f8a6-5c58-a1fc-193a267fc971)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-3287 vulnerable 2026-06-08 05:47:20.259692 Details available
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
Published: 2022-09-28T19:07:38.000Z
Updated: 2025-05-20T20:12:47.373Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10759 vulnerable 2026-06-08 05:16:35.848308 Details available
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Published: 2020-09-15T18:37:45.000Z
Updated: 2024-08-04T11:14:14.965Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.