Gentoo Portage

7 CVEs affecting Gentoo Portage. Latest disclosed: 2024-01-12. Critical: 1, High: 1.

Top CVEs affecting Gentoo Portage
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-20021 | Critical | 9.8 | 2024-01-12 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform… |
| CVE-2004-2778 | High | 7.1 | 2017-06-27 | Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricte… |
| CVE-2019-20384 | Medium | 5.5 | 2020-01-21 | Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios u… |
| CVE-2004-1901 | Medium | 5.5 | 2004-12-31 | Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. |
| CVE-2013-2100 | | | 2014-09-29 | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which all… |
| CVE-2008-4394 | | | 2008-10-10 | Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local us… |
| CVE-2007-6249 | | | 2007-12-15 | etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than tho… |