57 matches found
MiracleLinux 9 : bubblewrap-0.4.1-8.el9, flatpak-1.12.9-3.el9 (AXSA:2024-9109:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9109:02 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly...
MGASA-2025-0303 Updated flatpak & bubblewrap packages fix security vulnerability
Flatpak may allow access to files outside sandbox for certain apps. CVE-2024-42472...
TencentOS Server 3: bubblewrap and flatpak (TSSA-2024:0435)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0435 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
SUSE: Security Advisory (SUSE-SU-2024:3104-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-0c6db96fc3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in Flatpak affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Flatpak has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...
bubblewrap and flatpak security update
An update is available for flatpak. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged...
Advisory ROSA-SA-2025-2837
Software: bubblewrap 0.4.0 OS: ROSA Virtualization 2.1 packageevrstring: bubblewrap-0.4.0-2.rv3 CVE-ID: CVE-2024-42472 BDU-ID: 2024-06671 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Flatpak application and environment management tool is related to improper neutralization of special output...
Debian: Security Advisory (DLA-4099-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-4099 : flatpak - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4099 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4099-1 [email protected] https://www.debian.org/lts/security/...
Important: flatpak
Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...
RLSA-2024:9449 Important: bubblewrap and flatpak security update
Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...
Oracle Linux 9 : bubblewrap / and / flatpak (ELSA-2024-9449)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-9449 advisory. - Backport upstream fix to help address CVE-2024-42472 in flatpak flatpak - Backport upstream patches for CVE-2024-42472 Tenable has extracted the preceding...
RockyLinux 9 : bubblewrap and flatpak (RLSA-2024:9449)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:9449 advisory. flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 Tenable has extracted the preceding description block directly from t...
Important: Red Hat Security Advisory: bubblewrap and flatpak security update
An update for bubblewrap and flatpak is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
ALSA-2024:9449 Important: bubblewrap and flatpak security update
Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...
RHEL 9 : bubblewrap and flatpak (RHSA-2024:9449)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9449 advisory. Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...
Important: bubblewrap and flatpak security update
Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces. Security Fixes: flatpak: Access to files outside sandbox for apps using persistent= --persist CVE-2024-42472 For more details about the security issue...
Important: bubblewrap
Issue Overview: A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files...
Amazon Linux 2023 : bubblewrap (ALAS2023-2024-726)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-726 advisory. A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can...