
Search CVE reports


1 – 10 of 13 results


CVE-2024-42472

Medium priority

Some fixes available 3 of 5

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Fixed Fixed Fixed Needs evaluation

CVE-2024-32462

Medium priority

Some fixes available 2 of 6

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Fixed Vulnerable Vulnerable Vulnerable

CVE-2023-28101

Medium priority
Needs evaluation

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2023-28100

Medium priority
Needs evaluation

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX`...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2022-21682

Low priority
Needs evaluation

Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies `finish-args` last in the build. At this point...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Not affected Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2021-43860

Medium priority
Needs evaluation

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Not affected Needs evaluation Needs evaluation Needs evaluation Ignored

CVE-2021-41133

Medium priority
Fixed

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland,...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Not affected Fixed Fixed Ignored

CVE-2021-21381

Medium priority
Fixed

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Fixed Fixed Not in release

CVE-2021-21261

Medium priority
Fixed

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the `flatpak-portal` service that can allow sandboxed applications to execute arbitrary code on the host...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Fixed Fixed Not in release

CVE-2019-10063

Unknown priority
Fixed

Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the...

1 affected package

flatpak

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flatpak Fixed Not in release