True Image
Sign in to watchby Acronis
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-3219 | Hig | 0.57 | 8.8 | 0.00 | Jun 21, 2017 | Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |
| CVE-2026-33271 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2026 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | |
| CVE-2026-28728 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2026 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | |
| CVE-2026-27774 | Med | 0.44 | 6.7 | 0.00 | Apr 2, 2026 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | |
| CVE-2008-1279 | 0.00 | — | 0.01 | Mar 10, 2008 | Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | ||
| CVE-2008-1280 | 0.00 | — | 0.01 | Mar 10, 2008 | Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. |