Download
| Alert*
oval:org.secpod.oval:def:88312
It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak"s denylist seccomp filter. Det ... oval:org.secpod.oval:def:605648 It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak"s denylist seccomp filter. Det ... oval:org.secpod.oval:def:506393 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: Sandbox bypass via recent VFS-manipulating syscalls For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:2500318 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. oval:org.secpod.oval:def:120913 flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. oval:org.secpod.oval:def:706252 flatpak: Application deployment framework for desktop apps A system hardening measure could be bypassed. oval:org.secpod.oval:def:506394 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: Sandbox bypass via recent VFS-manipulating syscalls For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:4500086 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:1505172 [1.0.9-12] - Fix CVE-2021-41133 oval:org.secpod.oval:def:77039 flatpak: Application deployment framework for desktop apps A system hardening measure could be bypassed. oval:org.secpod.oval:def:1505170 [1.8.5-4] - Fix CVE-2021-41133 oval:org.secpod.oval:def:120873 flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. oval:org.secpod.oval:def:89047303 This update for flatpak fixes the following issues: - Update to version 1.10.5: - CVE-2021-41133: Fixed a bug that could lead to sandbox bypass via recent VFS-manipulating syscalls oval:org.secpod.oval:def:89047046 This update for flatpak fixes the following issues: - CVE-2021-41133: Fixed sandbox bypass via recent syscalls . oval:org.secpod.oval:def:1701331 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into ... oval:org.secpod.oval:def:205904 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fix: * flatpak: Sandbox bypass via recent VFS-manipulating syscalls For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related informa ... oval:org.secpod.oval:def:2107144 Oracle Solaris 11 - ( CVE-2021-30851 ) oval:org.secpod.oval:def:89047029 This update for flatpak fixes the following issues: - CVE-2021-41133: Fixed sandbox bypass via recent syscalls . - CVE-2021-43860: Fixed metadata validation . |