VYPR

Pacman

by Archlinux

CVEs (3)

  • CVE-2019-18183CriFeb 24, 2020
    risk 0.64cvss 9.8epss 0.04

    pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an…

  • CVE-2019-18182CriFeb 24, 2020
    risk 0.64cvss 9.8epss 0.04

    pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an…

  • CVE-2019-9686HigMar 11, 2019
    risk 0.57cvss 8.8epss 0.03

    pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U " due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header.…