30 matches found
CVE-2026-41046
The CVE-2026-41046 issue affects qSnapper prior to v1.3.3, where a path traversal via the configName parameter allows a local attacker to misuse config files for snapper, potentially causing denial of service or root privilege escalation. A fix is available in v1.3.3; upgrade to that version or a...
CVE-2026-41046 path traversal via `config` parameter in qSnapper
A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root...
CVE-2026-41045
The CVE pertains to qSnapper prior to v1.3.3, where a time-to-check-time-of-use flaw in polkit authentication allows a local attacker to bypass qSnapper’s authentication and potentially operate as root. This is a local-priviliges issue with HIGH impact (C:H, I:H, A:H) and requires local access wi...
CVE-2026-41045 Weak polkit authentication check in qSnapper
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...
EUVD-2026-38259
A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user...
PT-2026-51336
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description The qSnapper dbus service incorrectly caches authentication between different users. This allows a local attacker to utilize dbus functions after a privileged user has already performed authenticati...
PT-2026-51333
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A path traversal issue exists when using the configName parameter. This allows a local attacker to utilize malicious configuration files for snapper, which can lead to a denial of service or potenti...
PT-2026-51335
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Incorrect caching of authentication between different polkit PolicyKit, a component for controlling privileges in Unix-like operating systems methods allows a local attacker to perform unauthorized...
PT-2026-51334
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description Lack of authentication when using the snapshot diff functions allows a local attacker to access information that is otherwise read protected. Recommendations Update to version 1.3.3 or later...
PT-2026-44372
Name of the Vulnerable Software and Affected Versions qSnapper versions prior to 1.3.3 Description A time-to-check-time-of-use TOCTOU issue in the polkit authentication of qSnapper allows a local attacker to bypass the authentication mechanism. This can enable the attacker to perform operations...