CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30696 – Local privilege escalation due to a DLL hijacking vulnerability
https://notcve.org/view.php?id=CVE-2022-30696
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 Una escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos están afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilación 3640 • https://security-advisory.acronis.com/advisories/SEC-3081 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-30695 – Local privilege escalation due to excessive permissions assigned to child processes
https://notcve.org/view.php?id=CVE-2022-30695
Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos están afectados: Acronis Snap Deploy (Windows) versiones anteriores a la compilación 3640 • https://security-advisory.acronis.com/advisories/SEC-3080 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 3CVE-2008-1410 – acronis pxe server 2.0.0.1076 - Directory Traversal / Null Pointer
https://notcve.org/view.php?id=CVE-2008-1410
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service. Vulnerabilidad de salto de directorio en PXE Server (pxesrv.exe) de Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos leer ficheros de su elección mediante la utilización de secuencias de salto de directorio en el servicio TFTP. • https://www.exploit-db.com/exploits/5228 http://aluigi.altervista.org/adv/acropxe-adv.txt http://secunia.com/advisories/29305 http://securityreason.com/securityalert/3758 http://www.securityfocus.com/archive/1/489358/100/0/threaded http://www.securityfocus.com/bid/28182 http://www.vupen.com/english/advisories/2008/0814/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41074 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 3CVE-2008-1411 – acronis pxe server 2.0.0.1076 - Directory Traversal / Null Pointer
https://notcve.org/view.php?id=CVE-2008-1411
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference. PXE Server (pxesrv.exe) en Acronis Snap Deploy versiones 2.0.0.1076 y anteriores permite a atacantes remotos provocar una denegación de servicio (parada) al utilizar una petición TFTP incompleta, que dispara una referencia a un puntero NULL. • https://www.exploit-db.com/exploits/5228 http://aluigi.altervista.org/adv/acropxe-adv.txt http://secunia.com/advisories/29305 http://securityreason.com/securityalert/3758 http://www.securityfocus.com/archive/1/489358/100/0/threaded http://www.securityfocus.com/bid/28182 http://www.vupen.com/english/advisories/2008/0814/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41075 • CWE-20: Improper Input Validation •