Vulnerabilities > Gentoo > Portage > 2.3.82

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2016-20021 | Improper Verification of Cryptographic Signature vulnerability in Gentoo Portage. In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. (gentoo, CWE-347) | critical 9.8 (network, low complexity) |
| 2020-01-21 | CVE-2019-20384 | Improper Preservation of Permissions vulnerability in Gentoo Portage. Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. (gentoo, CWE-281) | 2.1 (local, low complexity) |