CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0022

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.0%

CVSS Severity

CVSS v2 Score 5.0

References

Products affected by CVE-2014-0022

Baseurl » Yum » Version: 3.2.20

cpe:2.3:a:baseurl:yum:3.2.20
Baseurl » Yum » Version: 3.2.21

cpe:2.3:a:baseurl:yum:3.2.21
Baseurl » Yum » Version: 3.2.22

cpe:2.3:a:baseurl:yum:3.2.22
Baseurl » Yum » Version: 3.2.23

cpe:2.3:a:baseurl:yum:3.2.23
Baseurl » Yum » Version: 3.2.24

cpe:2.3:a:baseurl:yum:3.2.24
Baseurl » Yum » Version: 3.2.25

cpe:2.3:a:baseurl:yum:3.2.25
Baseurl » Yum » Version: 3.2.26

cpe:2.3:a:baseurl:yum:3.2.26
Baseurl » Yum » Version: 3.2.27

cpe:2.3:a:baseurl:yum:3.2.27
Baseurl » Yum » Version: 3.2.28

cpe:2.3:a:baseurl:yum:3.2.28
Baseurl » Yum » Version: 3.2.29

cpe:2.3:a:baseurl:yum:3.2.29
Baseurl » Yum » Version: 3.4.0

cpe:2.3:a:baseurl:yum:3.4.0
Baseurl » Yum » Version: 3.4.1

cpe:2.3:a:baseurl:yum:3.4.1
Baseurl » Yum » Version: 3.4.2

cpe:2.3:a:baseurl:yum:3.4.2
Baseurl » Yum » Version: 3.4.3

cpe:2.3:a:baseurl:yum:3.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0022

Products

Pricing

Contact Us