Lucene search
K

103 matches found

SUSE Linux
SUSE Linux
added 2026/05/28 4:4 p.m.13 views

Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issue: CVE-2026-40354: File deletion via symlink attack bsc1262045. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 4:3 p.m.4 views

SUSE-SU-2026:2105-1 Security update for xdg-desktop-portal

This update for xdg-desktop-portal fixes the following issue: - CVE-2026-40354: File deletion via symlink attack bsc1262045...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Ubuntu 24.04 LTS / 25.10 : XDG Desktop Portal vulnerability (USN-8287-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8287-1 advisory. It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on...

6.3CVSS6AI score0.00128EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/20 6:2 p.m.12 views

USN-8287-1: XDG Desktop Portal vulnerability

It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on the host file system via a symlink attack...

6.3CVSS5.9AI score0.00128EPSS
Exploits0
OSV
OSV
added 2026/05/20 6:2 p.m.10 views

USN-8287-1 xdg-desktop-portal vulnerability

It was discovered that XDG Desktop Portal incorrectly handled trashing files. A local attacker could possibly use this issue to delete arbitrary files on the host file system via a symlink attack...

6.3CVSS5.9AI score0.00128EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak application could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak...

8.4CVSS7.3AI score0.00512EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Amazon Linux 2023 : xdg-desktop-portal, xdg-desktop-portal-devel (ALAS2023-2026-1669)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1669 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash. CVE-2026-40354 Tenable has extracted t...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References4
Amazon
Amazon
added 2026/05/14 12:0 a.m.15 views

Medium: xdg-desktop-portal

Issue Overview: Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash. CVE-2026-40354 Affected Packages: xdg-desktop-portal Note: This advisory is applicable to Amazon Linux 2 AL2 Core...

6.3CVSS5.8AI score0.00128EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.7 views

Amazon Linux 2 : xdg-desktop-portal, --advisory ALAS2-2026-3298 (ALAS-2026-3298)

The version of xdg-desktop-portal installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3298 advisory. Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/05/03 9:57 a.m.6 views

OESA-2026-2184 xdg-desktop-portal security update

xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:57 a.m.8 views

OESA-2026-2182 xdg-desktop-portal security update

xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:57 a.m.5 views

OESA-2026-2183 xdg-desktop-portal security update

xdg-desktop-portal works by exposing a series of D-Bus interfaces known as portals under a well-known name org.freedesktop.portal.Desktop and object path /org/freedesktop/portal/desktop. The portal interfaces include APIs for file access, opening URIs, printing and others. Security Fixes: Flatpak...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.7 views

SUSE CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/13 12:31 p.m.5 views

CVE-2026-40354

A flaw was found in Flatpak xdg-desktop-portal. A malicious Flatpak application can exploit this vulnerability by performing a symbolic link symlink attack on the gfiletrash function. This allows the Flatpak application to delete any file on the host system, leading to a denial of service...

6.3CVSS5.7AI score0.00128EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/11 3:30 a.m.4 views

EUVD-2026-21625

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

2.9CVSS5.8AI score0.00128EPSS
Exploits0References5
OSV
OSV
added 2026/04/11 1:16 a.m.7 views

DEBIAN-CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

6.3CVSS5.3AI score0.00128EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/11 1:16 a.m.6 views

CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/04/11 12:29 a.m.7 views

CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

6.3CVSS5.2AI score0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/04/11 12:29 a.m.66 views

CVE-2026-40354

The CVE-2026-40354 issue affects Flatpak’s xdg-desktop-portal (pre-1.20.4 and 1.21.x pre-1.21.1). A symlink attack on g_file_trash in the host context allows a Flatpak application to delete arbitrary host files, enabling denial of service or potential data integrity concerns. Root cause: insuffic...

6.3CVSS5.8AI score0.00128EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/11 12:29 a.m.4 views

CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

2.9CVSS5.8AI score0.00128EPSS
Exploits0References4
Rows per page
Query Builder