CVE Vulnerabilities

CVE-2014-3585

Improper Verification of Cryptographic Signature

Published: Nov 22, 2019 | Modified: Feb 13, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

redhat-upgrade-tool: Does not check GPG signatures when upgrading versions

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Redhat-upgrade-tool Redhat - -

References