Vendor CVEs
Acronis
All CVEs
218 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-32580 | | | 0.00 | — | 0.00 | | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL hijacking. |
| CVE-2021-32579 | | | 0.00 | — | 0.00 | | Aug 5, 2021 | Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 for macOS allowed an unauthenticated attacker (who has a local code execution ability) to tamper with the micro-service API. |
| CVE-2020-14999 | | | 0.00 | — | 0.01 | | Jul 27, 2021 | A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data. |
| CVE-2020-15495 | | | 0.00 | — | 0.00 | | Jul 15, 2021 | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. |
| CVE-2020-25593 | | | 0.00 | — | 0.00 | | Jul 15, 2021 | Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. |
| CVE-2020-15496 | | | 0.00 | — | 0.00 | | Jul 15, 2021 | Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. |
| CVE-2020-9452 | | | 0.00 | — | 0.00 | | May 25, 2021 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe includes functionality to quarantine files by copying a suspected ransomware file from one directory to another using SYSTEM privileges. Because unprivileged users have write permissions… |
| CVE-2020-9450 | | | 0.00 | — | 0.00 | | May 25, 2021 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the GUI to anti_ransomware_service.exe. This can be exploited to add an… |
| CVE-2020-9451 | | | 0.00 | — | 0.00 | | May 25, 2021 | An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ransomware_service.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a (not yet… |
| CVE-2020-35556 | | | 0.00 | — | 0.01 | | Feb 22, 2021 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. |
| CVE-2020-35664 | | | 0.00 | — | 0.01 | | Feb 22, 2021 | An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. There is cross-site scripting (XSS) in the console. |
| CVE-2020-35145 | | | 0.00 | — | 0.01 | | Jan 29, 2021 | Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. |
| CVE-2020-10139 | | | 0.00 | — | 0.00 | | Oct 21, 2020 | Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories… |
| CVE-2020-10140 | | | 0.00 | — | 0.00 | | Oct 21, 2020 | Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of… |
| CVE-2020-10138 | | | 0.00 | — | 0.01 | | Oct 21, 2020 | Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because… |
| CVE-2008-3671 | | | 0.00 | — | 0.02 | | Aug 13, 2008 | Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… |
| CVE-2008-1279 | | | 0.00 | — | 0.02 | | Mar 10, 2008 | Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an… |
| CVE-2008-1280 | | | 0.00 | — | 0.02 | | Mar 10, 2008 | Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer… |
Page 5 of 5