Filtered by vendor Acronis
Subscribe
Total
172 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10140 | 1 Acronis | 1 True Image | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from the C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths within C:\ProgramData\Acronis. | |||||
| CVE-2020-10139 | 1 Acronis | 1 True Image | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis True Image contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | |||||
| CVE-2020-10138 | 1 Acronis | 2 Cyber Backup, Cyber Protect | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\. Acronis Cyber Backup and Cyber Protect contain a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges. | |||||
| CVE-2017-3219 | 1 Acronis | 1 True Image | 2026-06-17 | 8.3 HIGH | 8.8 HIGH |
| Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash. | |||||
| CVE-2008-3671 | 2 Acronis, Linux | 2 True Image Echo Server, Linux Kernel | 2026-06-16 | 5.0 MEDIUM | N/A |
| Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1411 | 1 Acronis | 1 Snap Deploy | 2026-06-16 | 5.0 MEDIUM | N/A |
| The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1410 | 1 Acronis | 1 Snap Deploy | 2026-06-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service. | |||||
| CVE-2008-1280 | 1 Acronis | 2 True Image, True Image Windows Agent | 2026-06-16 | 5.0 MEDIUM | N/A |
| Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1279 | 1 Acronis | 1 True Image | 2026-06-16 | 5.0 MEDIUM | N/A |
| Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | |||||
| CVE-2026-28728 | 1 Acronis | 1 True Image | 2026-04-20 | N/A | 6.7 MEDIUM |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | |||||
| CVE-2026-27774 | 1 Acronis | 1 True Image | 2026-04-20 | N/A | 6.7 MEDIUM |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | |||||
| CVE-2026-33271 | 1 Acronis | 1 True Image | 2026-04-20 | N/A | 6.7 MEDIUM |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | |||||