rpm package
suse/flatpak&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42472 | — | < 1.10.8-150200.4.21.1 | 1.10.8-150200.4.21.1 | Aug 15, 2024 | Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on in | ||
| CVE-2024-32462 | — | < 1.10.8-150200.4.18.1 | 1.10.8-150200.4.18.1 | Apr 18, 2024 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument | ||
| CVE-2023-28101 | — | < 1.10.8-150200.4.15.1 | 1.10.8-150200.4.15.1 | Mar 16, 2023 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatp | ||
| CVE-2023-28100 | — | < 1.10.8-150200.4.15.1 | 1.10.8-150200.4.15.1 | Mar 16, 2023 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak a | ||
| CVE-2022-21682 | — | < 1.10.7-4.12.1 | 1.10.7-4.12.1 | Jan 13, 2022 | Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that i | ||
| CVE-2021-43860 | — | < 1.10.7-4.12.1 | 1.10.7-4.12.1 | Jan 12, 2022 | Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the ca |
- CVE-2024-42472Aug 15, 2024affected < 1.10.8-150200.4.21.1fixed 1.10.8-150200.4.21.1
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on in
- CVE-2024-32462Apr 18, 2024affected < 1.10.8-150200.4.18.1fixed 1.10.8-150200.4.18.1
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument
- CVE-2023-28101Mar 16, 2023affected < 1.10.8-150200.4.15.1fixed 1.10.8-150200.4.15.1
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatp
- CVE-2023-28100Mar 16, 2023affected < 1.10.8-150200.4.15.1fixed 1.10.8-150200.4.15.1
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak a
- CVE-2022-21682Jan 13, 2022affected < 1.10.7-4.12.1fixed 1.10.7-4.12.1
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that i
- CVE-2021-43860Jan 12, 2022affected < 1.10.7-4.12.1fixed 1.10.7-4.12.1
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the ca