Lucene search
K

33 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-41046

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...

7.3CVSS0.00159EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00133EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-41047

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.0015EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 4:16 p.m.8 views

CVE-2026-41049

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 4:16 p.m.7 views

CVE-2026-41045

A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...

8.1CVSS0.00136EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:32 p.m.3 views

CVE-2026-41049

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 3:32 p.m.7 views

CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:32 p.m.8 views

EUVD-2026-38275

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:32 p.m.35 views

CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS0.00134EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:32 p.m.17 views

CVE-2026-41049

CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:31 p.m.34 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS0.00133EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 3:31 p.m.2 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 3:31 p.m.20 views

CVE-2026-41048

CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:31 p.m.3 views

CVE-2026-41048

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/22 3:31 p.m.8 views

EUVD-2026-38272

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/22 3:31 p.m.5 views

CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:25 p.m.9 views

EUVD-2026-38267

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:25 p.m.18 views

CVE-2026-41047

The CVE affects qSnapper prior to version 1.3.3, where the snapshot diff functionality permits a local attacker to access information that should be protected due to lack of authentication. This is a local-privilege-related information leak (confidentiality impact). The baseline CVSS measures a M...

6.9CVSS5.9AI score0.0015EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/22 3:25 p.m.4 views

CVE-2026-41047 Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS6AI score0.0015EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/22 3:25 p.m.34 views

CVE-2026-41047 Information leak via “diff” methods in qSnapper

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...

6.9CVSS0.0015EPSS
Exploits0References3
Rows per page
Query Builder