Gentoo Portage 2.0.50 -

CPE Details

Gentoo Portage 2.0.50 -
gentoo
portage
2.0.50
2023-12-29
09h15 +00:00
2023-12-29
09h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gentoo:portage:2.0.50:-:*:*:*:*:*:*

Informations

Vendor

gentoo

Product

portage

Version

2.0.50

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2016-20021 2024-01-11 23h00 +00:00 In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
9.8
Critical
CVE-2019-20384 2020-01-20 22h52 +00:00 Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
5.5
Medium
CVE-2004-2778 2017-06-27 18h00 +00:00 Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
7.1
High
CVE-2008-4394 2008-10-10 08h00 +00:00 Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
6.9
CVE-2007-6249 2007-12-15 00h00 +00:00 etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
2.1
CVE-2004-1901 2005-05-10 02h00 +00:00 Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
5.5
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.