Vulnerabilities > Acronis > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-01-29 CVE-2020-35145 Untrusted Search Path vulnerability in Acronis True Image
Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue.
4.4
2020-10-21 CVE-2020-10140 Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021
Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory.
6.9
2020-09-21 CVE-2020-16171 Server-Side Request Forgery (SSRF) vulnerability in Acronis Cyber Backup 12.5
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342.
network
low complexity
acronis CWE-918
6.4
2008-08-13 CVE-2008-3671 Cryptographic Issues vulnerability in Acronis True Image Echo Server 9.5.8072
Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information.
network
low complexity
linux acronis CWE-310
5.0
2008-03-20 CVE-2008-1411 Improper Input Validation vulnerability in Acronis Snap Deploy 2.0.0.1076
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
network
low complexity
acronis CWE-20
5.0
2008-03-20 CVE-2008-1410 Path Traversal vulnerability in Acronis Snap Deploy 2.0.0.1076
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
network
acronis CWE-22
4.3
2008-03-10 CVE-2008-1280 Improper Input Validation vulnerability in Acronis True Image and True Image Windows Agent
Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference.
network
low complexity
acronis CWE-20
5.0
2008-03-10 CVE-2008-1279 Improper Input Validation vulnerability in Acronis True Image
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
network
low complexity
acronis CWE-20
5.0