Vulnerabilities > Acronis > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-29 | CVE-2020-35145 | Untrusted Search Path vulnerability in Acronis True Image Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | 4.4 |
| 2020-10-21 | CVE-2020-10140 | Incorrect Permission Assignment for Critical Resource vulnerability in Acronis True Image 2021 Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. | 6.9 |
| 2020-09-21 | CVE-2020-16171 | Server-Side Request Forgery (SSRF) vulnerability in Acronis Cyber Backup 12.5 An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. | 6.4 |
| 2008-08-13 | CVE-2008-3671 | Cryptographic Issues vulnerability in Acronis True Image Echo Server 9.5.8072 Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. | 5.0 |
| 2008-03-20 | CVE-2008-1411 | Improper Input Validation vulnerability in Acronis Snap Deploy 2.0.0.1076 The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. | 5.0 |
| 2008-03-20 | CVE-2008-1410 | Path Traversal vulnerability in Acronis Snap Deploy 2.0.0.1076 Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service. | 4.3 |
| 2008-03-10 | CVE-2008-1280 | Improper Input Validation vulnerability in Acronis True Image and True Image Windows Agent Acronis True Image Windows Agent 1.0.0.54 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a malformed packet to port 9876, which triggers a NULL pointer dereference. | 5.0 |
| 2008-03-10 | CVE-2008-1279 | Improper Input Validation vulnerability in Acronis True Image Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read. | 5.0 |