CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-20021 – Gentoo Linux Security Advisory 202409-01
https://notcve.org/view.php?id=CVE-2016-20021
12 Jan 2024 — In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable. En Gentoo Portage anterior a 3.0.47, falta la validación PGP del código ejecutado: el emerge-webrsync independiente descarga un archivo .gpgsig pero no realiza la verificación de firma. A vulnerability has been discovered in Portage, where PGP signatures would not be v... • https://bugs.gentoo.org/597800 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-20384
https://notcve.org/view.php?id=CVE-2019-20384
20 Jan 2020 — Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. Gentoo Portage versiones hasta 2.3.84, permite a usuarios locales colocar un complemento de tipo caballo de Troya en el directorio /usr/lib64/nagios/plugins al aprovechar el acceso a la cuenta de usuario nagios, porque este directorio es escribible entre ... • http://www.openwall.com/lists/oss-security/2020/01/21/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2008-4394
https://notcve.org/view.php?id=CVE-2008-4394
10 Oct 2008 — Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds. Múltiples vulnerabilidades de búsqueda en ruta no confiable en Portage en versiones anteriores a la v2.1.4.5 incluido el directorio actual de trabajo que permite a usuarios locale... • http://secunia.com/advisories/32228 •