Vulnerabilities > Flatpak

DATE CVE VULNERABILITY TITLE RISK
2022-01-13 CVE-2022-21682 Path Traversal vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
network
low complexity
flatpak fedoraproject redhat debian CWE-22
4.0
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
6.8
2021-10-08 CVE-2021-41133 Improper Input Validation vulnerability in multiple products
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject CWE-20
4.6
2021-03-11 CVE-2021-21381 Injection vulnerability in multiple products
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
5.8
2021-01-14 CVE-2021-21261 Injection vulnerability in multiple products
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian CWE-74
7.2
2019-03-26 CVE-2019-10063 Improper Input Validation vulnerability in Flatpak
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass.
network
flatpak CWE-20
6.8
2019-02-12 CVE-2019-8308 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
4.4
2018-02-02 CVE-2018-6560 Interpretation Conflict vulnerability in multiple products
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
local
low complexity
flatpak redhat CWE-436
4.6
2017-06-21 CVE-2017-9780 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable.
local
low complexity
flatpak debian CWE-732
7.2