2 matches found
CVE-2014-0022
The CVE-2014-0022 issue affects yum 3.4.3 and earlier where installUpdates in yum-cron/yum-cron.py does not correctly handle the return value of sigCheckPkg, allowing an unsigned package to bypass RPM package signing restrictions. This is a remote-codeish risk vector tied to RPM signature checks,...
CVE-2013-1910
CVE-2013-1910 affects the yum package, where improper handling of bad metadata can cause a denial of service and potentially other unspecified impact via a Trojan horse file in the metadata of a remote repository. The vulnerability is documented with high/critical severity (CVSS 2.0/3.1) and is r...