CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

CNVD•added 2019/11/29 12:0 a.m.•4 views

Red Hat redhat-upgrade-tool data forgery issue vulnerability

Red Hat redhat-upgrade-tool is a system upgrade tool from Red Hat USA. A data forgery issue vulnerability exists in Red Hat redhat-upgrade-tool, which can be exploited by an attacker to conduct an attack with forged data...

10CVSS6.8AI score0.00277EPSS

Exploits0References1

NVD•added 2019/11/22 3:15 p.m.•12 views

CVE-2014-3585

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...

10CVSS9.5AI score0.00277EPSS

Exploits0References2

Prion•added 2019/11/22 3:15 p.m.•20 views

Design/Logic Flaw

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...

10CVSS7.1AI score0.00277EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/11/22 2:51 p.m.•19 views

CVE-2014-3585

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions...

9.6AI score0.00277EPSS

Exploits0References2

CVE•added 2019/11/22 2:51 p.m.•85 views

CVE-2014-3585

The CVE-2014-3585 entry concerns the Red Hat redhat-upgrade-tool, which does not verify GPG signatures when upgrading versions. This is described as enabling potential forgery or MitM-style abuse, with mitigations discussed in multiple sources. The impact is characterized as high (critical/remote...

10CVSS9.4AI score0.00277EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2019/11/22 12:0 a.m.•3 views

PT-2019-7094 · Red Hat · Redhat-Upgrade-Tool

Name of the Vulnerable Software and Affected Versions: redhat-upgrade-tool affected versions not specified Description: The issue is related to the redhat-upgrade-tool not checking GPG signatures when upgrading versions. Recommendations: At the moment, there is no information about a newer versio...

10CVSS9.2AI score0.00277EPSS

Exploits0References3

Veracode•added 2019/01/15 9:3 a.m.•16 views

Man-in-the-Middle (MitM)

redhat-upgrade-tool is vulnerable to man-in-the-middle MitM attack. The tool does not implement proper GPG signature verification when performing package installations, allowing an attacker to perform man-in-the-middle attacks against the client...

9.8CVSS9AI score0.00277EPSS

Exploits0References6Affected Software1