firejail project firejail
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-31214
all versions
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is ac
7.8
HIGH
CVE-2021-26910
< 0.9.64.4
Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between
7.8
HIGH
CVE-2020-17368
<= 0.9.62
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to co
9.8
CRITICAL
CVE-2020-17367
<= 0.9.62
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command inject
7.8
HIGH
CVE-2019-12589
< 0.9.60
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a
8.8
HIGH
CVE-2019-12499
< 0.9.60
Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside
8.1
HIGH
CVE-2016-10123
all versions
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.
7.8
HIGH
CVE-2016-10122
all versions
Firejail does not properly clean environment variables, which allows local users to gain privileges.
7.8
HIGH
CVE-2016-10121
all versions
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
7.8
HIGH
CVE-2016-10120
all versions
Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to g
7.8
HIGH
CVE-2016-10119
all versions
Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.
7.8
HIGH
CVE-2016-10118
all versions
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.
3.3
LOW
CVE-2016-10117
all versions
Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.
7.8
HIGH
CVE-2017-5207
< 0.9.44.4
Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.
7.8
HIGH
CVE-2017-5206
< 0.9.44.4
Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based
9.0
CRITICAL
CVE-2017-5940
>= 0.9.40 and <= 0.9.44.6
Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt t
8.8
HIGH
CVE-2017-5180
< 0.9.44.4
Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent
8.8
HIGH
CVE-2016-9016
all versions
Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin