Every CVE whose affected-product data names Pacman Project Pacman, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-18182 — CVSS 9.8 (critical): pacman before 5.2 is vulnerable to arbitrary command injection in conf.c in the download_with_xfercommand() function. This can be exploited…
CVE-2019-18183 — CVSS 9.8 (critical): pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited…
CVE-2019-9686 — CVSS 8.8 (high): pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized…
CVE-2016-5434 — CVSS 5.5 (medium): libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted…