Vulnerabilities > Flatpak
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-16 | CVE-2023-28100 | Unspecified vulnerability in Flatpak Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 6.5 |
2023-03-16 | CVE-2023-28101 | Improper Encoding or Escaping of Output vulnerability in Flatpak Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 4.3 |
2022-01-13 | CVE-2022-21682 | Path Traversal vulnerability in multiple products Flatpak is a Linux application sandboxing and distribution framework. | 6.5 |
2022-01-12 | CVE-2021-43860 | Incorrect Default Permissions vulnerability in multiple products Flatpak is a Linux application sandboxing and distribution framework. | 8.6 |
2021-10-08 | CVE-2021-41133 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 7.8 |
2021-03-11 | CVE-2021-21381 | Injection vulnerability in multiple products Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 8.2 |
2021-01-14 | CVE-2021-21261 | Injection vulnerability in multiple products Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 7.2 |
2019-03-26 | CVE-2019-10063 | Improper Input Validation vulnerability in Flatpak Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. | 6.8 |
2019-02-12 | CVE-2019-8308 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 4.4 |
2018-02-02 | CVE-2018-6560 | Interpretation Conflict vulnerability in multiple products In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | 4.6 |