pacman project pacman vulnerabilities and exploits

(subscribe to this query)

8.8

CVSSv3

pacman prior to 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given i...

Pacman Project Pacman

5.5

CVSSv3

libalpm, as used in pacman 5.0.1, allows remote malicious users to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.

Pacman Project Pacman 5.0.1

9.8

CVSSv3

A vulnerability classified as critical has been found in pacman-canvas up to 1.0.5. Affected is the function addHighscore of the file data/db-handler.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.6 is able to ...

Pacman-canvas Project Pacman-canvas

9.8

CVSSv3

pacman prior to 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-co...

Pacman Project Pacman Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

9.8

CVSSv3

pacman prior to 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker...

Pacman Project Pacman Fedoraproject Fedora 30 Fedoraproject Fedora 31 Fedoraproject Fedora 32

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook