VYPR

rpm package

opensuse/flatpak&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/flatpak&distro=openSUSE%20Tumbleweed

Vulnerabilities (14)

  • CVE-2026-34079HigApr 7, 2026
    affected < 1.16.6-1.1fixed 1.16.6-1.1

    Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete ar

  • CVE-2026-34078CriApr 7, 2026
    affected < 1.16.6-1.1fixed 1.16.6-1.1

    Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitrary paths. Flatpak run mounts the resolved host path in the sandbox. This g

  • CVE-2024-42472Aug 15, 2024
    affected < 1.15.10-1.1fixed 1.15.10-1.1

    Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on in

  • CVE-2024-32462Apr 18, 2024
    affected < 1.15.8-1.1fixed 1.15.8-1.1

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument

  • CVE-2023-28101Mar 16, 2023
    affected < 1.14.4-1.1fixed 1.14.4-1.1

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatp

  • CVE-2023-28100Mar 16, 2023
    affected < 1.14.4-1.1fixed 1.14.4-1.1

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak a

  • CVE-2022-21682Jan 13, 2022
    affected < 1.12.4-1.1fixed 1.12.4-1.1

    Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that i

  • CVE-2021-43860Jan 12, 2022
    affected < 1.12.3-1.1fixed 1.12.3-1.1

    Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the ca

  • CVE-2021-41133Oct 8, 2021
    affected < 1.12.1-1.1fixed 1.12.1-1.1

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other ho

  • CVE-2021-21261Jan 14, 2021
    affected < 1.11.3-1.2fixed 1.11.3-1.2

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug

  • CVE-2019-10063Mar 26, 2019
    affected < 1.11.3-1.2fixed 1.11.3-1.2

    Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject command

  • CVE-2019-5736Feb 11, 2019
    affected < 1.11.3-1.2fixed 1.11.3-1.2

    runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta

  • CVE-2017-5226CriMar 29, 2017
    affected < 1.11.3-1.2fixed 1.11.3-1.2

    When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

  • CVE-2016-8659HigFeb 13, 2017
    affected < 0.6.14-1.1fixed 0.6.14-1.1

    Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.