VYPR
Vendor

Backintime Project

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2017-7572HigApr 6, 2017
    risk 0.53cvss 8.1epss 0.01

    The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of…

  • CVE-2017-16667HigNov 8, 2017
    risk 0.51cvss 7.8epss 0.01

    backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow…

  • CVE-2009-3611HigOct 26, 2009
    risk 0.46cvss 7.1epss 0.00

    common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying…