Vulnerabilities > Flatpak

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-28100 Unspecified vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak
6.5
2023-03-16 CVE-2023-28101 Unspecified vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
network
low complexity
flatpak
4.3
2022-01-13 CVE-2022-21682 Path Traversal vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
network
low complexity
flatpak fedoraproject redhat debian CWE-22
6.5
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
local
low complexity
flatpak fedoraproject redhat debian CWE-276
8.6
2021-10-08 CVE-2021-41133 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject
7.8
2021-03-11 CVE-2021-21381 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject
8.2
2021-01-14 CVE-2021-21261 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian
8.8
2019-03-26 CVE-2019-10063 Improper Input Validation vulnerability in Flatpak
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass.
network
high complexity
flatpak CWE-20
critical
9.0
2019-02-12 CVE-2019-8308 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
local
low complexity
flatpak debian redhat CWE-668
8.2
2018-02-02 CVE-2018-6560 Interpretation Conflict vulnerability in multiple products
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
local
low complexity
flatpak redhat CWE-436
8.8