Vulnerabilities > Gentoo > Portage
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2016-20021 | Improper Verification of Cryptographic Signature vulnerability in Gentoo Portage In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. | 9.8 |
| 2020-01-21 | CVE-2019-20384 | Race Condition vulnerability in Gentoo Portage Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. | 5.5 |
| 2017-06-27 | CVE-2004-2778 | Permissions, Privileges, and Access Controls vulnerability in Gentoo Portage Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | 7.1 |
| 2004-12-31 | CVE-2004-1901 | Link Following vulnerability in Gentoo Linux and Portage Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | 5.5 |