Vulnerabilities > Gentoo > Portage

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2016-20021 Improper Verification of Cryptographic Signature vulnerability in Gentoo Portage
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification.
network
low complexity
gentoo CWE-347
critical
9.8
2020-01-21 CVE-2019-20384 Race Condition vulnerability in Gentoo Portage
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
local
low complexity
gentoo CWE-362
5.5
2017-06-27 CVE-2004-2778 Permissions, Privileges, and Access Controls vulnerability in Gentoo Portage
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
local
low complexity
gentoo CWE-264
7.1
2004-12-31 CVE-2004-1901 Link Following vulnerability in Gentoo Linux and Portage
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
local
low complexity
gentoo CWE-59
5.5