22 matches found
CVE-2026-41048
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...
CVE-2026-41047
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...
CVE-2026-41046
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...
CVE-2026-41049
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...
CVE-2026-41045
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...
CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...
CVE-2026-41049
CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...
EUVD-2026-38275
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...
CVE-2026-41048 Caching of Authentication allows Authentication Bypass in qSnapper
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...
CVE-2026-41048
CVE-2026-41048 describes an authentication caching bug in qSnapper prior to version 1.3.3 where caching between different polkit methods could allow a local attacker to perform privileged actions (e.g., restore from a snapshot) even when the user should only be able to delete snapshots. Affected ...
EUVD-2026-38272
Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot"...
CVE-2026-41047
The CVE affects qSnapper prior to version 1.3.3, where the snapshot diff functionality permits a local attacker to access information that should be protected due to lack of authentication. This is a local-privilege-related information leak (confidentiality impact). The baseline CVSS measures a M...
CVE-2026-41047 Information leak via “diff” methods in qSnapper
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...
EUVD-2026-38267
Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information...
CVE-2026-41046
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...
CVE-2026-41046 path traversal via `config` parameter in qSnapper
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...
CVE-2026-41046
The CVE-2026-41046 issue affects qSnapper prior to v1.3.3, where a path traversal via the configName parameter allows a local attacker to misuse config files for snapper, potentially causing denial of service or root privilege escalation. A fix is available in v1.3.3; upgrade to that version or a...
EUVD-2026-38263
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...
CVE-2026-41045 Weak polkit authentication check in qSnapper
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...
CVE-2026-41045
The CVE pertains to qSnapper prior to v1.3.3, where a time-to-check-time-of-use flaw in polkit authentication allows a local attacker to bypass qSnapper’s authentication and potentially operate as root. This is a local-priviliges issue with HIGH impact (C:H, I:H, A:H) and requires local access wi...