1231 matches found
RHSA-2026:35843 Red Hat Security Advisory: flatpak security update
Bulletin has no description...
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...
Important: Red Hat Security Advisory: flatpak security update
An update for flatpak is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
SUSE CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
RHSA-2026:30901 Red Hat Security Advisory: flatpak security update
Bulletin has no description...
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
UBUNTU-CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601
CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...
EUVD-2026-40066
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...
RHEL 8 : flatpak (RHSA-2026:30901)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30901 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...
Astra Linux – Vulnerability in Flatpak
Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the caching mechanism for ld.so removed outdated cache files without properly checking whether the app’s control over the path to the outdated cache was valid within the cache directory. This allowed...
Astra Linux – Vulnerability in Flatpak
Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the Flatpak portal allowed paths in the sandbox-expose options, which could be app-controlled symbolic links pointing to arbitrary paths. Flatpak’s “flatpak run” command mounted the resolved host path i...
OESA-2026-2710 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context,...
OESA-2026-2709 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context,...