Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2016-20021

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.1%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2016-20021
  • Gentoo » Portage » Version: N/A
    cpe:2.3:a:gentoo:portage:-
  • Gentoo » Portage » Version: 2.0.50
    cpe:2.3:a:gentoo:portage:2.0.50
  • Gentoo » Portage » Version: 2.0.51.22
    cpe:2.3:a:gentoo:portage:2.0.51.22
  • Gentoo » Portage » Version: 2.1.1
    cpe:2.3:a:gentoo:portage:2.1.1
  • Gentoo » Portage » Version: 2.1.3.10
    cpe:2.3:a:gentoo:portage:2.1.3.10
  • Gentoo » Portage » Version: 2.1.4.4
    cpe:2.3:a:gentoo:portage:2.1.4.4
  • Gentoo » Portage » Version: 2.3.79
    cpe:2.3:a:gentoo:portage:2.3.79
  • Gentoo » Portage » Version: 2.3.80
    cpe:2.3:a:gentoo:portage:2.3.80
  • Gentoo » Portage » Version: 2.3.81
    cpe:2.3:a:gentoo:portage:2.3.81
  • Gentoo » Portage » Version: 2.3.82
    cpe:2.3:a:gentoo:portage:2.3.82
  • Gentoo » Portage » Version: 2.3.83
    cpe:2.3:a:gentoo:portage:2.3.83
  • Gentoo » Portage » Version: 2.3.84
    cpe:2.3:a:gentoo:portage:2.3.84
  • Gentoo » Portage » Version: 2.3.85
    cpe:2.3:a:gentoo:portage:2.3.85


Products
Pricing
Contact Us

Shodan ® - All rights reserved