Vulnerabilities > Firejail Project > Firejail > 0.9.50
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-08 | CVE-2021-26910 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | 7.0 |
| 2020-08-11 | CVE-2020-17368 | OS Command Injection vulnerability in multiple products Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection. | 9.8 |
| 2020-08-11 | CVE-2020-17367 | Argument Injection or Modification vulnerability in multiple products Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection. | 7.8 |
| 2019-06-03 | CVE-2019-12589 | Incorrect Permission Assignment for Critical Resource vulnerability in Firejail Project Firejail In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker. | 8.8 |
| 2019-05-31 | CVE-2019-12499 | Unspecified vulnerability in Firejail Project Firejail Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. | 8.1 |