
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Jan 2024 — In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable. A vulnerability has been discovered in Portage, where PGP signatures would not be v... • https://bugs.gentoo.org/597800 • CWE-347: Improper Verification of Cryptographic Signature

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

20 Jan 2020 — Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. • http://www.openwall.com/lists/oss-security/2020/01/21/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Sep 2014 — The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. • http://openwall.com/lists/oss-security/2013/05/15/5 • CWE-310: Cryptographic Issues

CVSS: 7.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

10 Oct 2008 — Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) sys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. • http://secunia.com/advisories/32228

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 2

15 Dec 2007 — etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. • http://bugs.gentoo.org/show_bug.cgi?id=193589 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

31 Dec 2004 — Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. • http://secunia.com/advisories/11305 • CWE-59: Improper Link Resolution Before File Access ('Link Following')