Vulnerabilities > Pacman Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-24 | CVE-2019-18183 | OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. | 9.8 |
2020-02-24 | CVE-2019-18182 | OS Command Injection vulnerability in multiple products pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. | 9.8 |
2019-03-11 | CVE-2019-9686 | Path Traversal vulnerability in Pacman Project Pacman pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. | 8.8 |
2017-01-30 | CVE-2016-5434 | Out-of-bounds Read vulnerability in Pacman Project Pacman 5.0.1 libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. | 5.5 |