CVE-2014-0022

N/A Unknown
Published: January 26, 2014 Modified: April 29, 2026
View on NVD

Description

The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP package signing restriction via an unsigned package.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://secunia.com/advisories/56637
Source: secalert@redhat.com
Vendor Advisory
http://www.securityfocus.com/bid/65119
Source: secalert@redhat.com
http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1052440
Source: secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1057377
Source: secalert@redhat.com
http://secunia.com/advisories/56637
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/65119
Source: af854a3a-2127-422b-91ae-364da2661108
http://yum.baseurl.org/gitweb?p=yum.git%3Ba=commitdiff%3Bh=9df69e5794
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=1052440
Source: af854a3a-2127-422b-91ae-364da2661108
https://bugzilla.redhat.com/show_bug.cgi?id=1057377
Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.6%
69th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-20

Affected Vendors

baseurl

Related CVEs

CVE-2026-7182 N/A
CVE-2026-41553 N/A
CVE-2026-41552 N/A
CVE-2026-8503 N/A
CVE-2026-8454 N/A