Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.7 views

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

5.5CVSS6.6AI score0.0027EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-10936

Malware in sbrugna...

5.5CVSS5.6AI score0.0027EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.25 views

EUVD-2014-0085

Malware in sbrugna...

9.3CVSS6.2AI score0.01557EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0149

Malicious code in bioql PyPI...

9.8CVSS9AI score0.00464EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/05/22 11:40 a.m.6 views

CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS6.8AI score0.00464EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/03 5:6 a.m.7 views

Man-in-the-middle(MitM) Attack

Gentoo Portage is vulnerable to a Man-in-the-Middle MitM attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...

9.8CVSS9.4AI score0.00464EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/01/12 3:30 a.m.4 views

GHSA-PW5X-X5JW-CCMH Gentoo Portage missing PGP validation of executed code

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification...

9.8CVSS9.5AI score0.00464EPSS
Exploits0References8
NVD
NVD
added 2024/01/12 3:15 a.m.27 views

CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS9.5AI score0.00464EPSS
Exploits0References3
PyPA
PyPA
added 2024/01/12 3:15 a.m.5 views

PYSEC-2024-10

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS6.8AI score0.00464EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/01/12 3:15 a.m.51 views

PYSEC-2024-10

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS9.5AI score0.00464EPSS
Exploits0References5
Prion
Prion
added 2024/01/12 3:15 a.m.17 views

Code injection

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

7.5CVSS7.4AI score0.00464EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.2 views

PT-2024-10576 · Gentoo · Gentoo Portage

Name of the Vulnerable Software and Affected Versions: Gentoo Portage versions prior to 3.0.47 Description: The issue concerns missing PGP validation of executed code. Specifically, the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. This issue doe...

9.8CVSS9.3AI score0.00464EPSS
Exploits0References13
CNNVD
CNNVD
added 2024/01/12 12:0 a.m.3 views

Gentoo Portage Security Vulnerability

Gentoo is an open source Linux system from the Gentoo Foundation. A security vulnerability exists in Gentoo Portage versions prior to 3.0.47, which stems from a lack of PGP validation for code execution...

9.8CVSS7.3AI score0.00464EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/01/12 12:0 a.m.4 views

CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.5AI score0.00464EPSS
Exploits0References3
OSV
OSV
added 2022/05/17 1:36 a.m.7 views

GHSA-8823-XPHR-QW9V Gentoo Portage does not verify X.509 certificates from SSL servers

The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...

9.3CVSS6.1AI score0.01557EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2022/05/17 1:36 a.m.15 views

Gentoo Portage does not verify X.509 certificates from SSL servers

The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...

9.3CVSS6.4AI score0.01557EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2020/01/21 12:15 a.m.14 views

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

5.5CVSS5.4AI score0.0027EPSS
Exploits1References2
OSV
OSV
added 2020/01/21 12:15 a.m.12 views

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

5.5CVSS6.6AI score
Exploits0References2
Prion
Prion
added 2020/01/21 12:15 a.m.16 views

Design/Logic Flaw

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

2.1CVSS5.4AI score0.0027EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/01/20 11:52 p.m.18 views

CVE-2019-20384

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...

5.4AI score0.0027EPSS
Exploits1References2
Rows per page
Query Builder