Backup
by Comodo
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-29200 | Cri | 0.64 | — | 0.00 | May 4, 2026 | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call. | ||
| CVE-2018-25261 | Hig | 0.55 | 8.4 | 0.00 | Apr 22, 2026 | Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the… | ||
| CVE-2020-37246 | Med | 0.40 | 6.2 | 0.01 | May 16, 2026 | Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal… | ||
| CVE-2014-9633 | 0.04 | — | 0.08 | Feb 3, 2015 | The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | |||
| CVE-2020-8427 | 0.00 | — | 0.01 | Feb 17, 2020 | In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass. | |||
| CVE-2013-3685 | 0.00 | — | 0.00 | Feb 12, 2020 | A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges. |
- risk 0.64cvss —epss 0.00
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call.
- risk 0.55cvss 8.4epss 0.00
Iperius Backup 5.8.1 contains a local buffer overflow vulnerability in the structured exception handling (SEH) mechanism that allows local attackers to execute arbitrary code by supplying a malicious file path. Attackers can create a backup job with a crafted payload in the…
- risk 0.40cvss 6.2epss 0.01
Supsystic Backup 2.3.9 contains a local file inclusion vulnerability that allows unauthenticated attackers to read and delete arbitrary files by manipulating the download path parameter. Attackers can modify the download parameter in admin.php requests with directory traversal…
- CVE-2014-9633Feb 3, 2015risk 0.04cvss —epss 0.08
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
- CVE-2020-8427Feb 17, 2020risk 0.00cvss —epss 0.01
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted in an authentication bypass.
- CVE-2013-3685Feb 12, 2020risk 0.00cvss —epss 0.00
A Privilege Escalation Vulnerability exists in Sprite Software Spritebud 1.3.24 and 1.3.28 and Backup 2.5.4105 and 2.5.4108 on LG Android smartphones due to a race condition in the spritebud daemon, which could let a local malicious user obtain root privileges.