Vendor CVEs
Acronis
All CVEs
218 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-2782 | 0.00 | — | 0.00 | May 18, 2023 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. | |||
| CVE-2022-4418 | 0.00 | — | 0.00 | May 18, 2023 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208. | |||
| CVE-2022-45450 | 0.00 | — | 0.00 | May 18, 2023 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. | |||
| CVE-2022-45459 | 0.00 | — | 0.00 | May 18, 2023 | Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | |||
| CVE-2022-45458 | 0.00 | — | 0.00 | May 18, 2023 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. | |||
| CVE-2022-45457 | 0.00 | — | 0.00 | May 18, 2023 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. | |||
| CVE-2022-45452 | 0.00 | — | 0.00 | May 18, 2023 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | |||
| CVE-2022-45453 | 0.00 | — | 0.00 | May 18, 2023 | TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | |||
| CVE-2023-2360 | 0.00 | — | 0.00 | Apr 28, 2023 | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | |||
| CVE-2023-2355 | 0.00 | — | 0.00 | Apr 27, 2023 | Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | |||
| CVE-2022-45456 | 0.00 | — | 0.00 | Apr 26, 2023 | Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161. | |||
| CVE-2022-45455 | 0.00 | — | 0.00 | Feb 13, 2023 | Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | |||
| CVE-2022-45454 | 0.00 | — | 0.00 | Feb 13, 2023 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984. | |||
| CVE-2022-44746 | 0.00 | — | 0.00 | Nov 7, 2022 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||
| CVE-2022-44745 | 0.00 | — | 0.00 | Nov 7, 2022 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||
| CVE-2022-44744 | 0.00 | — | 0.00 | Nov 7, 2022 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||
| CVE-2022-44747 | 0.00 | — | 0.00 | Nov 7, 2022 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | |||
| CVE-2022-44733 | 0.00 | — | 0.00 | Nov 7, 2022 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | |||
| CVE-2022-44732 | 0.00 | — | 0.00 | Nov 7, 2022 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | |||
| CVE-2022-35412 | 0.00 | — | 0.00 | Jul 8, 2022 | Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. | |||
| CVE-2022-30991 | 0.00 | — | 0.01 | May 18, 2022 | HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||
| CVE-2022-30992 | 0.00 | — | 0.01 | May 18, 2022 | Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||
| CVE-2022-30993 | 0.00 | — | 0.01 | May 18, 2022 | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||
| CVE-2022-30994 | 0.00 | — | 0.01 | May 18, 2022 | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 | |||
| CVE-2022-30990 | 0.00 | — | 0.01 | May 18, 2022 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 | |||
| CVE-2022-30697 | 0.00 | — | 0.00 | May 16, 2022 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||
| CVE-2022-30696 | 0.00 | — | 0.00 | May 16, 2022 | Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||
| CVE-2022-30695 | 0.00 | — | 0.00 | May 16, 2022 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||
| CVE-2022-0483 | 0.00 | — | 0.00 | Feb 11, 2022 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 | |||
| CVE-2022-24961 | 0.00 | — | 0.02 | Feb 11, 2022 | In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | |||
| CVE-2021-44206 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | |||
| CVE-2021-44204 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build… | |||
| CVE-2022-24114 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 | |||
| CVE-2021-44205 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | |||
| CVE-2022-24115 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 | |||
| CVE-2022-24113 | 0.00 | — | 0.00 | Feb 4, 2022 | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build… | |||
| CVE-2021-34800 | 0.00 | — | 0.01 | Nov 29, 2021 | Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147 | |||
| CVE-2021-44200 | 0.00 | — | 0.00 | Nov 29, 2021 | Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-44199 | 0.00 | — | 0.00 | Nov 29, 2021 | DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 | |||
| CVE-2021-44202 | 0.00 | — | 0.00 | Nov 29, 2021 | Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-44203 | 0.00 | — | 0.00 | Nov 29, 2021 | Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-44198 | 0.00 | — | 0.00 | Nov 29, 2021 | DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 | |||
| CVE-2021-44201 | 0.00 | — | 0.01 | Nov 29, 2021 | Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||
| CVE-2021-38087 | 0.00 | — | 0.01 | Aug 12, 2021 | Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | |||
| CVE-2021-38086 | 0.00 | — | 0.00 | Aug 12, 2021 | Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking. | |||
| CVE-2021-38088 | 0.00 | — | 0.00 | Aug 12, 2021 | Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking. | |||
| CVE-2021-32577 | 0.00 | — | 0.00 | Aug 5, 2021 | Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. | |||
| CVE-2021-32581 | 0.00 | — | 0.01 | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | |||
| CVE-2021-32578 | 0.00 | — | 0.00 | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). | |||
| CVE-2021-32576 | 0.00 | — | 0.00 | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). |
- CVE-2023-2782May 18, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.
- CVE-2022-4418May 18, 2023risk 0.00cvss —epss 0.00
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.
- CVE-2022-45450May 18, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.
- CVE-2022-45459May 18, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
- CVE-2022-45458May 18, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984.
- CVE-2022-45457May 18, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984.
- CVE-2022-45452May 18, 2023risk 0.00cvss —epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.
- CVE-2022-45453May 18, 2023risk 0.00cvss —epss 0.00
TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
- CVE-2023-2360Apr 28, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.
- CVE-2023-2355Apr 27, 2023risk 0.00cvss —epss 0.00
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.
- CVE-2022-45456Apr 26, 2023risk 0.00cvss —epss 0.00
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.
- CVE-2022-45455Feb 13, 2023risk 0.00cvss —epss 0.00
Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
- CVE-2022-45454Feb 13, 2023risk 0.00cvss —epss 0.00
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
- CVE-2022-44746Nov 7, 2022risk 0.00cvss —epss 0.00
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
- CVE-2022-44745Nov 7, 2022risk 0.00cvss —epss 0.00
Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
- CVE-2022-44744Nov 7, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
- CVE-2022-44747Nov 7, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
- CVE-2022-44733Nov 7, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
- CVE-2022-44732Nov 7, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.
- CVE-2022-35412Jul 8, 2022risk 0.00cvss —epss 0.00
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device.
- CVE-2022-30991May 18, 2022risk 0.00cvss —epss 0.01
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
- CVE-2022-30992May 18, 2022risk 0.00cvss —epss 0.01
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
- CVE-2022-30993May 18, 2022risk 0.00cvss —epss 0.01
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
- CVE-2022-30994May 18, 2022risk 0.00cvss —epss 0.01
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
- CVE-2022-30990May 18, 2022risk 0.00cvss —epss 0.01
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
- CVE-2022-30697May 16, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
- CVE-2022-30696May 16, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
- CVE-2022-30695May 16, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640
- CVE-2022-0483Feb 11, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53
- CVE-2022-24961Feb 11, 2022risk 0.00cvss —epss 0.02
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
- CVE-2021-44206Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
- CVE-2021-44204Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build…
- CVE-2022-24114Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
- CVE-2021-44205Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287
- CVE-2022-24115Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287
- CVE-2022-24113Feb 4, 2022risk 0.00cvss —epss 0.00
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build…
- CVE-2021-34800Nov 29, 2021risk 0.00cvss —epss 0.01
Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147
- CVE-2021-44200Nov 29, 2021risk 0.00cvss —epss 0.00
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-44199Nov 29, 2021risk 0.00cvss —epss 0.00
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
- CVE-2021-44202Nov 29, 2021risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-44203Nov 29, 2021risk 0.00cvss —epss 0.00
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-44198Nov 29, 2021risk 0.00cvss —epss 0.00
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035
- CVE-2021-44201Nov 29, 2021risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035
- CVE-2021-38087Aug 12, 2021risk 0.00cvss —epss 0.01
Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
- CVE-2021-38086Aug 12, 2021risk 0.00cvss —epss 0.00
Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.
- CVE-2021-38088Aug 12, 2021risk 0.00cvss —epss 0.00
Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.
- CVE-2021-32577Aug 5, 2021risk 0.00cvss —epss 0.00
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
- CVE-2021-32581Aug 5, 2021risk 0.00cvss —epss 0.01
Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.
- CVE-2021-32578Aug 5, 2021risk 0.00cvss —epss 0.00
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).
- CVE-2021-32576Aug 5, 2021risk 0.00cvss —epss 0.00
Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).
Page 4 of 5