Releases: 17
Frequency: 1 week 1 day
Last Release
Stars: 1
qSnapper is a Qt6/QML GUI application for managing Btrfs/Snapper snapshots on Linux with D-Bus and PolicyKit integration.

CVE History

CVE | Published | CVSS v3 | CVSS v2
7.3 HIGH

A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root.

Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read-protected information.

Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed to do "delete snapshot".

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged user has authenticated for them.

8.1 HIGH

A time-of-check to time-of-use (TOCTOU) issue in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnapper's authentication mechanism and operate, e.g., as the root user.