Search
Search Results (155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15495 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | ||||
| CVE-2020-14999 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | 7.5 High |
| A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data. | ||||
| CVE-2020-10140 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. | ||||
| CVE-2020-10139 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2020-10138 | 1 Acronis | 2 Cyber Backup, Cyber Protect | 2024-11-21 | 7.8 High |
| Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | ||||
| CVE-2024-49390 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-49389 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-49386 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 5.7 Medium |
| Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-49391 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-49392 | 1 Acronis | 1 Cyber Files | 2024-10-18 | 4.8 Medium |
| Stored cross-site scripting (XSS) vulnerability on enrollment invitation page. The following products are affected: Acronis Cyber Files (Windows) before build 9.0.0x24. | ||||
| CVE-2024-8767 | 1 Acronis | 3 Backup Extension For Plesk, Backup Plugin For Cpanel \& Whm, Backup Plugin For Directadmin | 2024-09-20 | N/A |
| Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147. | ||||
| CVE-2024-34016 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2024-09-20 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | ||||
| CVE-2024-34019 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | ||||
| CVE-2024-34018 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | 5.5 Medium |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | ||||
| CVE-2024-34017 | 1 Acronis | 1 Snap Deploy | 2024-09-12 | 7.3 High |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. | ||||