Every CVE whose affected-product data names Gentoo Portage, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2016-20021 — CVSS 9.8 (critical): In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file…
CVE-2013-2100 — CVSS 9.3 (critical): The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from…
CVE-2004-2778 — CVSS 7.1 (high): Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read…
CVE-2008-4394 — CVSS 6.9 (medium): Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path…
CVE-2004-1901 — CVSS 5.5 (medium): Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
CVE-2019-20384 — CVSS 5.5 (medium): Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging…
CVE-2007-6249 — CVSS 2.1 (low): etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in…