CVE-2017-3219
https://notcve.org/view.php?id=CVE-2017-3219
Acronis True Image up to and including version 2017 Build 8053 performs software updates using HTTP. Downloaded updates are only verified using a server-provided MD5 hash.
• http://www.securityfocus.com/bid/99128
• https://www.kb.cert.org/vuls/id/489392
• CWE-311: Missing Encryption of Sensitive Data
• CWE-345: Insufficient Verification of Data Authenticity
CVE-2008-3671
https://notcve.org/view.php?id=CVE-2008-3671
Acronis True Image Echo Server 9.x build 8072 on Linux does not properly encrypt backups to an FTP server, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
The MyReview web application versions 1.9.9 and below and 2.0 Beta suffer from a mishandling of submissions allowing for unintended downloads of said data.
• http://secunia.com/advisories/30856
• http://www.securityfocus.com/bid/30456
• CWE-310: Cryptographic Issues
CVE-2008-1410 – Acronis PXE Server 2.0.0.1076 - Directory Traversal / Null Pointer
https://notcve.org/view.php?id=CVE-2008-1410
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
• https://www.exploit-db.com/exploits/5228
• http://aluigi.altervista.org/adv/acropxe-adv.txt
• http://secunia.com/advisories/29305
• http://securityreason.com/securityalert/3758
• http://www.securityfocus.com/archive/1/489358/100/0/threaded
• http://www.securityfocus.com/bid/28182
• http://www.vupen.com/english/advisories/2008/0814/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41074
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2008-1411 – Acronis PXE Server 2.0.0.1076 - Directory Traversal / Null Pointer
https://notcve.org/view.php?id=CVE-2008-1411
The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to cause a denial of service (crash) via an incomplete TFTP request, which triggers a NULL pointer dereference.
• https://www.exploit-db.com/exploits/5228
• http://aluigi.altervista.org/adv/acropxe-adv.txt
• http://secunia.com/advisories/29305
• http://securityreason.com/securityalert/3758
• http://www.securityfocus.com/archive/1/489358/100/0/threaded
• http://www.securityfocus.com/bid/28182
• http://www.vupen.com/english/advisories/2008/0814/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41075
• CWE-20: Improper Input Validation
CVE-2008-1279
https://notcve.org/view.php?id=CVE-2008-1279
Acronis True Image Group Server 1.5.19.191 and earlier, included in Acronis True Image Enterprise Server 9.5.0.8072 and the other True Image packages, allows remote attackers to cause a denial of service (crash) via a packet with an invalid length field, which causes an out-of-bounds read.
• http://aluigi.altervista.org/adv/acrogroup-adv.txt
• http://secunia.com/advisories/29306
• http://www.securityfocus.com/archive/1/489353/100/0/threaded
• http://www.securityfocus.com/bid/28169
• http://www.vupen.com/english/advisories/2008/0813/references
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41071
• CWE-20: Improper Input Validation