Vulnerabilities > Flatpak > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2021-43860 | Incorrect Default Permissions vulnerability in multiple products Flatpak is a Linux application sandboxing and distribution framework. | 8.6 |
| 2021-10-08 | CVE-2021-41133 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 7.8 |
| 2021-03-11 | CVE-2021-21381 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 8.2 |
| 2021-01-14 | CVE-2021-21261 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. | 8.8 |
| 2019-02-12 | CVE-2019-8308 | Exposure of Resource to Wrong Sphere vulnerability in multiple products Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | 8.2 |
| 2018-02-02 | CVE-2018-6560 | Interpretation Conflict vulnerability in multiple products In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | 8.8 |
| 2017-06-21 | CVE-2017-9780 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. | 7.8 |