Vulnerabilities > Firejail Project > Firejail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-08 | CVE-2021-26910 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | 6.9 |
| 2017-03-23 | CVE-2017-5206 | Security Bypass vulnerability in Firejail Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. | 6.8 |
| 2017-02-09 | CVE-2017-5940 | Improper Privilege Management vulnerability in Firejail Project Firejail Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. | 4.6 |
| 2017-02-09 | CVE-2017-5180 | Missing Authorization vulnerability in Firejail Project Firejail Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. | 4.6 |