Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.2
CVE-2019-8308
- EPSS 0.07%
- Published 12.02.2019 23:29:00
- Last modified 21.11.2024 04:49:39
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
8.8
CVE-2018-6560
- EPSS 0.09%
- Published 02.02.2018 14:29:01
- Last modified 21.11.2024 04:10:54
In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in...
7.8
CVE-2017-9780
- EPSS 0.11%
- Published 21.06.2017 15:29:00
- Last modified 20.04.2025 01:37:25
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacke...