Pacman Project Pacman 5.1.3

CPE Details

Pacman Project Pacman 5.1.3
pacman_project
pacman
5.1.3
2019-08-06
13h47 +00:00
2019-08-06
13h47 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:pacman_project:pacman:5.1.3:*:*:*:*:*:*:*

Informations

Vendor

pacman_project

Product

pacman

Version

5.1.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-18182 2020-02-24 13h38 +00:00 pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable a non-default XferCommand and retrieve an attacker-controlled crafted database and package.
9.8
Critical
CVE-2019-18183 2020-02-24 13h36 +00:00 pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file.
9.8
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.