Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-1105

Malware in sbrugna...

2.1CVSS6.4AI score0.00342EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-10936

Malware in sbrugna...

5.5CVSS5.6AI score0.0027EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 11:40 a.m.6 views

CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8CVSS6.8AI score0.00464EPSS
Exploits0References1
Veracode
Veracode
added 2024/09/03 5:6 a.m.7 views

Man-in-the-middle(MitM) Attack

Gentoo Portage is vulnerable to a Man-in-the-Middle MitM attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...

9.8CVSS9.4AI score0.00464EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/17 1:36 a.m.7 views

GHSA-8823-XPHR-QW9V Gentoo Portage does not verify X.509 certificates from SSL servers

The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...

9.3CVSS6.1AI score0.01557EPSS
Exploits1References8
OSV
OSV
added 2014/09/29 10:55 p.m.6 views

PYSEC-2014-115

The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...

9.3CVSS6.8AI score0.01557EPSS
Exploits1References7
Cvelist
Cvelist
added 2004/12/01 5:0 a.m.23 views

CVE-2004-1107

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files...

6.2AI score0.00342EPSS
Exploits0References5
securityvulns
securityvulns
added 2004/11/09 12:0 a.m.26 views

[ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities

Gentoo Linux Security Advisory GLSA 200411-13:01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...

6.9AI score
Exploits0
Rows per page
Query Builder