rpm package
opensuse/flatpak&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/flatpak&distro=openSUSE%20Leap%2015.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-11461 | — | < 0.10.4-lp150.8.1 | 0.10.4-lp150.8.1 | Apr 22, 2019 | An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling t | ||
| CVE-2019-11460 | — | < 0.10.4-lp150.8.1 | 0.10.4-lp150.8.1 | Apr 22, 2019 | An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the t | ||
| CVE-2019-8308 | — | < 0.10.4-lp150.8.1 | 0.10.4-lp150.8.1 | Feb 12, 2019 | Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. |
- CVE-2019-11461Apr 22, 2019affected < 0.10.4-lp150.8.1fixed 0.10.4-lp150.8.1
An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling t
- CVE-2019-11460Apr 22, 2019affected < 0.10.4-lp150.8.1fixed 0.10.4-lp150.8.1
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the t
- CVE-2019-8308Feb 12, 2019affected < 0.10.4-lp150.8.1fixed 0.10.4-lp150.8.1
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.