142 matches found
CVE-2019-20384
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...
EUVD-2005-4438
Malware in sbrugna...
EUVD-2005-4275
Malware in sbrugna...
EUVD-2004-1105
Malware in sbrugna...
EUVD-2005-3579
Malware in sbrugna...
EUVD-2008-4375
Malware in sbrugna...
EUVD-2014-0085
Malware in sbrugna...
EUVD-2005-3581
Malware in sbrugna...
EUVD-2019-10936
Malware in sbrugna...
EUVD-2005-3580
Malware in sbrugna...
EUVD-2024-0149
Malicious code in bioql PyPI...
Improper Verification of Cryptographic Signature
Overview: Portage is the package management and distribution system for Gentoo. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the checkfilesignaturegpgunwrapped function. Due to the lack of enforcing of the presence of VALIDSIG...
Command Injection
Overview: Portage is the package management and distribution system for Gentoo. Affected versions of this package are vulnerable to Command Injection due to evaluating untrusted timestamp fields in a Bash arithmetic context via command substitution. The bin/emerge-webrsync functions...
CVE-2016-20021
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...
GLSA-202409-01 : Portage: Unverified PGP Signatures
The remote host is affected by the vulnerability described in GLSA-202409-01 (Portage: Unverified PGP Signatures). Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly...
Portage: Unverified PGP Signatures
Background: Portage is the default Gentoo package management system. Description: Multiple vulnerabilities have been discovered in Portage. Please review the CVE identifiers referenced below for details. Impact: When using the webrsync mechanism to sync the tree, the PGP signatures that protect the...
Man-in-the-Middle (MitM) Attack
Gentoo Portage is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...
GHSA-PW5X-X5JW-CCMH Gentoo Portage missing PGP validation of executed code
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification...
Gentoo Portage missing PGP validation of executed code
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification...