Filtered by vendor Acronis
Subscribe
Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3219 | 1 Acronis | 1 True Image | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||||
| CVE-2008-1410 | 1 Acronis | 1 Snap Deploy | 2025-04-09 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service. | |||||
| CVE-2008-3671 | 2 Acronis, Linux | 2 True Image Echo Server, Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A |
| Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1411 | 1 Acronis | 1 Snap Deploy | 2025-04-09 | 5.0 MEDIUM | N/A |
| The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1280 | 1 Acronis | 2 True Image, True Image Windows Agent | 2025-04-09 | 5.0 MEDIUM | N/A |
| Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1279 | 1 Acronis | 1 True Image | 2025-04-09 | 5.0 MEDIUM | N/A |
| Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | |||||
| CVE-2023-48678 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48679 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48680 | 3 Acronis, Apple, Microsoft | 3 Cyber Protect, Macos, Windows | 2025-02-06 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Cyber Protect 16 (macOS, Windows) before build 37391. | |||||
| CVE-2023-48681 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 6.1 MEDIUM |
| Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48682 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2024-49388 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 9.1 CRITICAL |
| Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49384 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49382 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49387 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 7.5 HIGH |
| Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2024-49383 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | N/A | 4.3 MEDIUM |
| Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | |||||
| CVE-2023-48677 | 2 Acronis, Microsoft | 2 Cyber Protect Home Office, Windows | 2025-01-31 | N/A | 7.8 HIGH |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901, Acronis Cyber Protect Cloud Agent (Windows) before build 39378. | |||||
| CVE-2023-45249 | 1 Acronis | 1 Cyber Infrastructure | 2025-01-27 | N/A | 9.8 CRITICAL |
| Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. | |||||
| CVE-2023-45247 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-01-02 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36497, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||||
| CVE-2023-45246 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2025-01-02 | N/A | 7.1 HIGH |
| Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 36343, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169. | |||||