VYPR

Vendor CVEs

Acronis

All CVEs

218 total · sorted by risk
  • CVE-2023-2782May 18, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.

  • CVE-2022-4418May 18, 2023
    risk 0.00cvss epss 0.00

    Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.

  • CVE-2022-45450May 18, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.

  • CVE-2022-45459May 18, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.

  • CVE-2022-45458May 18, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984.

  • CVE-2022-45457May 18, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984.

  • CVE-2022-45452May 18, 2023
    risk 0.00cvss epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.

  • CVE-2022-45453May 18, 2023
    risk 0.00cvss epss 0.00

    TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.

  • CVE-2023-2360Apr 28, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.

  • CVE-2023-2355Apr 27, 2023
    risk 0.00cvss epss 0.00

    Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900.

  • CVE-2022-45456Apr 26, 2023
    risk 0.00cvss epss 0.00

    Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.

  • CVE-2022-45455Feb 13, 2023
    risk 0.00cvss epss 0.00

    Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.

  • CVE-2022-45454Feb 13, 2023
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.

  • CVE-2022-44746Nov 7, 2022
    risk 0.00cvss epss 0.00

    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

  • CVE-2022-44745Nov 7, 2022
    risk 0.00cvss epss 0.00

    Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

  • CVE-2022-44744Nov 7, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

  • CVE-2022-44747Nov 7, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.

  • CVE-2022-44733Nov 7, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

  • CVE-2022-44732Nov 7, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900.

  • CVE-2022-35412Jul 8, 2022
    risk 0.00cvss epss 0.00

    Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device.

  • CVE-2022-30991May 18, 2022
    risk 0.00cvss epss 0.01

    HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

  • CVE-2022-30992May 18, 2022
    risk 0.00cvss epss 0.01

    Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

  • CVE-2022-30993May 18, 2022
    risk 0.00cvss epss 0.01

    Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

  • CVE-2022-30994May 18, 2022
    risk 0.00cvss epss 0.01

    Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240

  • CVE-2022-30990May 18, 2022
    risk 0.00cvss epss 0.01

    Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037

  • CVE-2022-30697May 16, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

  • CVE-2022-30696May 16, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

  • CVE-2022-30695May 16, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640

  • CVE-2022-0483Feb 11, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53

  • CVE-2022-24961Feb 11, 2022
    risk 0.00cvss epss 0.02

    In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.

  • CVE-2021-44206Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

  • CVE-2021-44204Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build…

  • CVE-2022-24114Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287

  • CVE-2021-44205Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287

  • CVE-2022-24115Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287

  • CVE-2022-24113Feb 4, 2022
    risk 0.00cvss epss 0.00

    Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build…

  • CVE-2021-34800Nov 29, 2021
    risk 0.00cvss epss 0.01

    Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147

  • CVE-2021-44200Nov 29, 2021
    risk 0.00cvss epss 0.00

    Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-44199Nov 29, 2021
    risk 0.00cvss epss 0.00

    DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612

  • CVE-2021-44202Nov 29, 2021
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-44203Nov 29, 2021
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-44198Nov 29, 2021
    risk 0.00cvss epss 0.00

    DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035

  • CVE-2021-44201Nov 29, 2021
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035

  • CVE-2021-38087Aug 12, 2021
    risk 0.00cvss epss 0.01

    Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.

  • CVE-2021-38086Aug 12, 2021
    risk 0.00cvss epss 0.00

    Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to build 26226 allowed local privilege escalation via DLL hijacking.

  • CVE-2021-38088Aug 12, 2021
    risk 0.00cvss epss 0.00

    Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via binary hijacking.

  • CVE-2021-32577Aug 5, 2021
    risk 0.00cvss epss 0.00

    Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.

  • CVE-2021-32581Aug 5, 2021
    risk 0.00cvss epss 0.01

    Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation.

  • CVE-2021-32578Aug 5, 2021
    risk 0.00cvss epss 0.00

    Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2).

  • CVE-2021-32576Aug 5, 2021
    risk 0.00cvss epss 0.00

    Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2).

Page 4 of 5