Vulnerabilities > Gentoo > Portage > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-12 | CVE-2016-20021 | Improper Verification of Cryptographic Signature vulnerability in Gentoo Portage In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. | 9.8 |
| 2014-09-29 | CVE-2013-2100 | Cryptographic Issues vulnerability in Gentoo Portage 2.1.12 The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. | 9.3 |