Vulnerabilities > Flatpak > Flatpak > 0.3.4

DATE CVE VULNERABILITY TITLE RISK
2023-03-16 CVE-2023-28100 Unspecified vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak
6.5
2023-03-16 CVE-2023-28101 Improper Encoding or Escaping of Output vulnerability in Flatpak
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
network
low complexity
flatpak CWE-116
4.3
2022-01-13 CVE-2022-21682 Path Traversal vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
network
low complexity
flatpak fedoraproject redhat debian CWE-22
6.5
2022-01-12 CVE-2021-43860 Incorrect Default Permissions vulnerability in multiple products
Flatpak is a Linux application sandboxing and distribution framework.
local
low complexity
flatpak fedoraproject redhat debian CWE-276
8.6
2021-10-08 CVE-2021-41133 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
local
low complexity
flatpak debian fedoraproject
7.8
2019-03-26 CVE-2019-10063 Improper Input Validation vulnerability in Flatpak
Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass.
network
flatpak CWE-20
6.8
2019-02-12 CVE-2019-8308 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
4.4
2018-02-02 CVE-2018-6560 Interpretation Conflict vulnerability in multiple products
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.
local
low complexity
flatpak redhat CWE-436
4.6
2017-06-21 CVE-2017-9780 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable.
local
low complexity
flatpak debian CWE-732
7.2