Vulnerabilities > Pacman Project

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2019-18183 | OS Command Injection vulnerability in multiple products. pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. (network; low complexity; pacman-project, fedoraproject; CWE-78) | critical, 9.8 |
| 2020-02-24 | CVE-2019-18182 | OS Command Injection vulnerability in multiple products. pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. (network; low complexity; pacman-project, fedoraproject; CWE-78) | critical, 9.8 |
| 2019-03-11 | CVE-2019-9686 | Path Traversal vulnerability in Pacman Project Pacman. pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. (network; low complexity; pacman-project; CWE-22) | 8.8 |
| 2017-01-30 | CVE-2016-5434 | Out-of-bounds Read vulnerability in Pacman Project Pacman 5.0.1. libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. (local; low complexity; pacman-project; CWE-125) | 5.5 |