Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-0022
HistoryJan 26, 2014 - 4:58 p.m.

CVE-2014-0022

2014-01-2616:58:11
CWE-20
[email protected]
web.nvd.nist.gov
32
security
yum
package-signing
remote-attack
cve-2014-0022

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.

Affected configurations

NVD
Node
baseurlyumRange3.4.3
OR
baseurlyumMatch3.4.0
OR
baseurlyumMatch3.4.1
OR
baseurlyumMatch3.4.2

Related

redhat 1
cvelist 1
nessus 5
openvas 4
ubuntucve 1
centos 1
veracode 1
amazon 1
prion 1
oraclelinux 1
nvd 1
rosalinux 1
redhat
redhat
(RHSA-2014:1004) Important: yum-updatesd security update
2014-08-05 00:00:00
cvelist
cvelist
CVE-2014-0022
2014-01-26 11:00:00
nessus
nessus
RHEL 5 : yum-updatesd (RHSA-2014:1004)
2014-08-05 00:00:00
Amazon Linux AMI : yum (ALAS-2014-315)
2014-03-28 00:00:00
Oracle Linux 5 : yum-updatesd (ELSA-2014-1004)
2014-08-06 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2014-1004)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2014-315)
2015-09-08 00:00:00
CentOS Update for yum-updatesd CESA-2014:1004 centos5
2014-08-06 00:00:00
ubuntucve
ubuntucve
CVE-2014-0022
2014-01-26 00:00:00
centos
centos
yum security update
2014-08-05 12:36:19
veracode
veracode
Authorization Bypass
2019-01-15 08:57:57
amazon
amazon
Medium: yum
2014-03-24 23:38:00
prion
prion
Authentication flaw
2014-01-26 16:58:00
oraclelinux
oraclelinux
yum-updatesd security update
2014-08-05 00:00:00
nvd
nvd
CVE-2014-0022
2014-01-26 16:58:11
rosalinux
rosalinux
Advisory ROSA-SA-2021-2002
2021-07-02 18:21:25

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.5%

JSON
Related for CVE-2014-0022
redhat1cvelist1nessus5openvas4ubuntucve1centos1veracode1amazon1prion1oraclelinux1nvd1rosalinux1