Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flatpak flatpak vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-32462
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions prior to 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argumen...
NA
CVE-2023-28100
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions before 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app...
Flatpak Flatpak
NA
CVE-2023-28101
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak...
Flatpak Flatpak
357
VMScore
CVE-2022-21693
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can ac...
Onionshare Onionshare
356
VMScore
CVE-2022-21682
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak before 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point the build directory will have the full access that is ...
Flatpak Flatpak-builder
Flatpak Flatpak
Fedoraproject Fedora 35
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
605
VMScore
CVE-2021-43860
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in t...
Flatpak Flatpak
Fedoraproject Fedora 35
Redhat Enterprise Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
409
VMScore
CVE-2021-41133
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host...
Flatpak Flatpak
Debian Debian Linux 11.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
516
VMScore
CVE-2021-21381
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an malicious user to gain access to f...
Flatpak Flatpak
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
641
VMScore
CVE-2021-21261
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug exists in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is pres...
Flatpak Flatpak
Debian Debian Linux 10.0
756
VMScore
CVE-2020-5291
Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root pe...
Projectatomic Bubblewrap
Debian Debian Linux 10.0
Archlinux Arch Linux -
Centos Centos 7.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »