VYPR

Agent For Windows

by Veeam

CVEs (17)

  • CVE-2024-1244CriJun 11, 2025
    risk 0.62cvss epss 0.00

    Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine…

  • CVE-2025-22447HigMar 6, 2025
    risk 0.51cvss 7.8epss 0.00

    Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.

  • CVE-2024-23774HigApr 30, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM…

  • CVE-2024-23773HigApr 30, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.

  • CVE-2026-32996HigMay 28, 2026
    risk 0.47cvss epss 0.00

    This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.

  • CVE-2025-48982Oct 30, 2025
    risk 0.00cvss epss 0.00

    This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file.

  • CVE-2024-45207Dec 4, 2024
    risk 0.00cvss epss 0.00

    DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it…

  • CVE-2024-29853May 22, 2024
    risk 0.00cvss epss 0.00

    An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation.

  • CVE-2023-28142Apr 18, 2023
    risk 0.00cvss epss 0.00

    A Race Condition exists in the Qualys Cloud Agent for Windows platform in versions from 3.1.3.34 and before 4.5.3.1. This allows attackers to escalate privileges limited on the local machine during uninstallation of the Qualys Cloud Agent for Windows. Attackers may gain SYSTEM…

  • CVE-2023-28141Apr 18, 2023
    risk 0.00cvss epss 0.00

    An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Attackers may write files to arbitrary locations via a local attack vector. This allows attackers to assume the privileges of the process, and they may delete or…

  • CVE-2023-0975Apr 3, 2023
    risk 0.00cvss epss 0.00

    A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.

  • CVE-2022-26503Mar 17, 2022
    risk 0.00cvss epss 0.01

    Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.

  • CVE-2021-31836Sep 22, 2021
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.

  • CVE-2021-31847Sep 22, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as…

  • CVE-2021-31841Sep 22, 2021
    risk 0.00cvss epss 0.00

    A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the…

  • CVE-2021-31840Jun 10, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attack with unsigned DLLs. To exploit this vulnerability, the attacker would need to…

  • CVE-2021-25688Feb 11, 2021
    risk 0.00cvss epss 0.00

    Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.