4 matches found
EUVD-2017-18710
Malware in sbrugna...
CVE-2017-9780
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
Design/Logic Flaw
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the...
CVE-2017-9780
CVE-2017-9780 affects Flatpak prior to 0.8.7. A third‑party app repository could supply malicious apps with files that have insecure permissions (e.g., setuid or world‑writeable), causing deployed files to run with elevated privileges or write to world‑writable locations. The worst‑case involves ...