2 matches found
CVE-2017-16667
CVE-2017-16667 - Summary : The Back in Time tool (backintime) prior to version 1.1.24 improperly escapes/quotes file paths passed to the notify-send command, causing parts of the path to be executed as shell commands inside an os.system call in qt4/plugins/notifyplugin.py. This enables a context-...
CVE-2017-7572
CVE-2017-7572 affects Back In Time (backintime) up to version 1.1.18, where _checkPolkitPrivilege in serviceHelper.py uses a deprecated polkit method (unix-process) vulnerable to a race condition via /proc//status, enabling privilege elevation given the timing of check/use. Public patching update...