Pacman
by Archlinux
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-18183 | Cri | 0.64 | 9.8 | 0.04 | Feb 24, 2020 | pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an… | ||
| CVE-2019-18182 | Cri | 0.64 | 9.8 | 0.04 | Feb 24, 2020 | pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an… | ||
| CVE-2019-9686 | Hig | 0.57 | 8.8 | 0.03 | Mar 11, 2019 | pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U " due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header.… |
- risk 0.64cvss 9.8epss 0.04
pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an…
- risk 0.64cvss 9.8epss 0.04
pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an…
- risk 0.57cvss 8.8epss 0.03
pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U " due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header.…