CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8767
https://notcve.org/view.php?id=CVE-2024-8767
17 Sep 2024 — Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147. Divulgación y manipulación de datos confidenciales debido a la asignación innecesaria de privilegios. Los siguientes productos se ven afectados: complemento de Acronis Backup para cPanel y WHM (Linux)... • https://security-advisory.acronis.com/advisories/SEC-4976 • CWE-250: Execution with Unnecessary Privileges •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-8766
https://notcve.org/view.php?id=CVE-2024-8766
16 Sep 2024 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235, Acronis Cyber Protect 16 (Windows) before build 39169. • https://security-advisory.acronis.com/advisories/SEC-7218 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34016
https://notcve.org/view.php?id=CVE-2024-34016
16 Sep 2024 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. • https://security-advisory.acronis.com/advisories/SEC-7188 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34018
https://notcve.org/view.php?id=CVE-2024-34018
29 Aug 2024 — Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. • https://security-advisory.acronis.com/advisories/SEC-4196 • CWE-276: Incorrect Default Permissions •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34017
https://notcve.org/view.php?id=CVE-2024-34017
29 Aug 2024 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. • https://security-advisory.acronis.com/advisories/SEC-4505 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34019
https://notcve.org/view.php?id=CVE-2024-34019
29 Aug 2024 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 4569. • https://security-advisory.acronis.com/advisories/SEC-3079 • CWE-427: Uncontrolled Search Path Element •
CVSS: 10.0EPSS: 57%CPEs: 5EXPL: 1CVE-2023-45249 – Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
https://notcve.org/view.php?id=CVE-2023-45249
24 Jul 2024 — Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.0.1-61, Acronis Cyber Infrastructure (ACI) before build 5.1.1-71, Acronis Cyber Infrastructure (ACI) before build 5.2.1-69, Acronis Cyber Infrastructure (ACI) before build 5.3.1-53, Acronis Cyber Infrastructure (ACI) before build 5.4.4-132. Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passw... • https://packetstorm.news/files/id/181993 • CWE-1393: Use of Default Password •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34013
https://notcve.org/view.php?id=CVE-2024-34013
18 Jul 2024 — Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396. Escalada de privilegios locales debido a una vulnerabilidad de inyección de comandos del sistema operativo. Los siguientes productos se ven afectados: Acronis True Image (macOS) anterior a la compilación 41396. • https://security-advisory.acronis.com/advisories/SEC-7035 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45449
https://notcve.org/view.php?id=CVE-2022-45449
16 Jul 2024 — Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. • https://security-advisory.acronis.com/advisories/SEC-5279 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34012
https://notcve.org/view.php?id=CVE-2024-34012
14 Jun 2024 — Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272. Escalada de privilegios locales debido a permisos de carpetas inseguros. Los siguientes productos se ven afectados: Acronis Cloud Manager (Windows) anterior a la compilación 6.2.24135.272. • https://security-advisory.acronis.com/advisories/SEC-5758 • CWE-276: Incorrect Default Permissions •