NotCVE - vendor:"Le-web" product:"Backintime" version:"0.9.26"

3 results (0.033 seconds)

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-16667 – Gentoo Linux Security Advisory 201801-06

https://notcve.org/view.php?id=CVE-2017-16667

08 Nov 2017 — backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands. backintime (también conocido como Back in Time) en versiones anteriores a la 1.1.24 escapaba/entrecomillaba incorrectamente las rutas de ar... • https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-7572

https://notcve.org/view.php?id=CVE-2017-7572

06 Apr 2017 — The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc//status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the origina... • https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0

CVE-2009-3611

https://notcve.org/view.php?id=CVE-2009-3611

26 Oct 2009 — common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots. common/snapshots.py en Back In Time (también conocido como backintime) v0.9.26 cambia ciertos permisos al valor 0777 antes de eliminar los ficheros en una copia de seguridad antigua de un punto ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543785 • CWE-732: Incorrect Permission Assignment for Critical Resource •