Gentoo Portage
7 CVEs affecting Gentoo Portage. Latest disclosed: 2024-01-12. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2016-20021 | Critical | 9.8 | 2024-01-12 | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform… |
| CVE-2004-2778 | High | 7.1 | 2017-06-27 | Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricte… |
| CVE-2019-20384 | Medium | 5.5 | 2020-01-21 | Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios u… |
| CVE-2004-1901 | Medium | 5.5 | 2004-12-31 | Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. |
| CVE-2013-2100 | | | 2014-09-29 | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which all… |
| CVE-2008-4394 | | | 2008-10-10 | Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local us… |
| CVE-2007-6249 | | | 2007-12-15 | etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than tho… |