Lucene search
K

1231 matches found

Cvelist
Cvelist
added 2018/02/02 2:0 p.m.17 views

CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...

8.5AI score0.0042EPSS
Exploits0References4
CVE
CVE
added 2018/02/02 2:0 p.m.92 views

CVE-2018-6560

CVE-2018-6560 affects Flatpak’s D-Bus proxy (dbus-proxy/flatpak-proxy.c) in Flatpak versions prior to 0.8.9, and in 0.9.x and 0.10.x prior to 0.10.3. The issue is caused by whitespace handling in the proxy not matching the daemon, enabling crafted D‑Bus messages to escape the sandbox. Practical i...

8.8CVSS8.4AI score0.0042EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2018/02/02 2:0 p.m.19 views

CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon...

8.8CVSS8.6AI score0.0042EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2018/01/23 4:58 p.m.18 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS3.1AI score0.00355EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2017/07/14 12:0 a.m.19 views

Fedora Update for flatpak FEDORA-2017-6b1f07acd9

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.00355EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/07/13 12:0 a.m.21 views

Fedora 24 : flatpak (2017-6b1f07acd9)

Security fix for CVE-2017-9780 Update to 0.8.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

7.8CVSS7.5AI score0.00355EPSS
Exploits0References2
Fedora
Fedora
added 2017/07/12 1:54 a.m.35 views

[SECURITY] Fedora 24 Update: flatpak-0.8.7-1.fc24

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information...

7.8CVSS0.5AI score0.00355EPSS
Exploits0
CNVD
CNVD
added 2017/06/23 12:0 a.m.4 views

Flatpak Local Elevation of Privilege Vulnerability

Flatpak is a system for building and installing Linux desktop applications. A local elevation of privilege vulnerability exists in versions of Flatpak prior to 0.8.7. A local attacker could exploit this vulnerability to run the setuid executable...

7.8CVSS6.8AI score0.00355EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/06/23 12:0 a.m.22 views

Debian DSA-3895-1 : flatpak - security update

It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissinons in third-party repositories, which could result in privilege escalation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

7.8CVSS7.5AI score0.00355EPSS
Exploits0References3
Debian
Debian
added 2017/06/22 5:45 p.m.44 views

[SECURITY] [DSA 3895-1] flatpak security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3895-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 22, 2017 https://www.debian.org/security/faq -...

7.8CVSS7.5AI score0.00355EPSS
Exploits0
OpenVAS
OpenVAS
added 2017/06/22 12:0 a.m.23 views

Debian Security Advisory DSA 3895-1 (flatpak - security update)

It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissinons in third-party repositories, which could result in privilege escalation. OpenVAS Vulnerability Test $Id: deb3895.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generate...

7.2CVSS0.7AI score0.00355EPSS
Exploits0References1
OSV
OSV
added 2017/06/22 12:0 a.m.20 views

DSA-3895-1 flatpak - security update

Bulletin has no description...

7.8CVSS7.6AI score0.00355EPSS
Exploits0
NVD
NVD
added 2017/06/21 3:29 p.m.20 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS7.5AI score0.00355EPSS
Exploits0References4
Prion
Prion
added 2017/06/21 3:29 p.m.16 views

Design/Logic Flaw

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.2CVSS6.7AI score0.00355EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2017/06/21 3:29 p.m.10 views

UBUNTU-CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS7.1AI score0.00355EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2017/06/21 3:29 p.m.25 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS7AI score0.00355EPSS
Exploits0References3
OSV
OSV
added 2017/06/21 3:29 p.m.2 views

DEBIAN-CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS7.5AI score0.00355EPSS
Exploits0References1
OSV
OSV
added 2017/06/21 3:29 p.m.24 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.8CVSS7.5AI score
Exploits0References4
Cvelist
Cvelist
added 2017/06/21 3:0 p.m.26 views

CVE-2017-9780

In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...

7.5AI score0.00355EPSS
Exploits0References4
CVE
CVE
added 2017/06/21 3:0 p.m.81 views

CVE-2017-9780

CVE-2017-9780 affects Flatpak prior to 0.8.7. A third‑party app repository could supply malicious apps with files that have insecure permissions (e.g., setuid or world‑writeable), causing deployed files to run with elevated privileges or write to world‑writable locations. The worst‑case involves ...

7.8CVSS7.4AI score0.00355EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder