Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-08	CVE-2021-26910	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. local firejail-project debian CWE-367	6.9
2017-03-23	CVE-2017-5206	Security Bypass vulnerability in Firejail Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument. network firejail-project linux	6.8
2017-02-09	CVE-2017-5940	Improper Privilege Management vulnerability in Firejail Project Firejail Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. local low complexity firejail-project CWE-269	4.6
2017-02-09	CVE-2017-5180	Missing Authorization vulnerability in Firejail Project Firejail Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. local low complexity firejail-project CWE-862	4.6