rpm package
suse/flatpak&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/flatpak&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-28101 | — | < 1.2.3-150100.4.11.1 | 1.2.3-150100.4.11.1 | Mar 16, 2023 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatp | ||
| CVE-2023-28100 | — | < 1.2.3-150100.4.11.1 | 1.2.3-150100.4.11.1 | Mar 16, 2023 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak a | ||
| CVE-2021-43860 | — | < 1.2.3-150100.4.8.1 | 1.2.3-150100.4.8.1 | Jan 12, 2022 | Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the ca | ||
| CVE-2021-41133 | — | < 1.2.3-150100.4.8.1 | 1.2.3-150100.4.8.1 | Oct 8, 2021 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other ho | ||
| CVE-2021-21381 | — | < 1.2.3-150100.4.5.2 | 1.2.3-150100.4.5.2 | Mar 11, 2021 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would | ||
| CVE-2021-21261 | — | < 1.2.3-150100.4.5.2 | 1.2.3-150100.4.5.2 | Jan 14, 2021 | Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug |
- CVE-2023-28101Mar 16, 2023affected < 1.2.3-150100.4.11.1fixed 1.2.3-150100.4.11.1
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatp
- CVE-2023-28100Mar 16, 2023affected < 1.2.3-150100.4.11.1fixed 1.2.3-150100.4.11.1
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak a
- CVE-2021-43860Jan 12, 2022affected < 1.2.3-150100.4.8.1fixed 1.2.3-150100.4.8.1
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the ca
- CVE-2021-41133Oct 8, 2021affected < 1.2.3-150100.4.8.1fixed 1.2.3-150100.4.8.1
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other ho
- CVE-2021-21381Mar 11, 2021affected < 1.2.3-150100.4.5.2fixed 1.2.3-150100.4.5.2
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would
- CVE-2021-21261Jan 14, 2021affected < 1.2.3-150100.4.5.2fixed 1.2.3-150100.4.5.2
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug