CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24114 – Local privilege escalation due to race condition on application startup
https://notcve.org/view.php?id=CVE-2022-24114
04 Feb 2022 — Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 Una escalada de privilegios local debido a una condición de carrera en el inicio de la aplicación. Los siguientes productos están afectados: Acronis Cyber Protect Home Office (macOS) versiones anteriores a la compilación 39605, Acronis True Image 2021 (macOS) versiones anteriores a la com... • https://security-advisory.acronis.com/advisories/SEC-3316 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2021-44205 – Local privilege escalation due to DLL hijacking vulnerability
https://notcve.org/view.php?id=CVE-2021-44205
04 Feb 2022 — Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 Una escalada de privilegios local debido a una vulnerabilidad de secuestro de DLL. Los siguientes productos están afectados: Acronis Cyber Protect Home Office (Windows) versiones anteriores a la versión 39612, Acronis True Image 2021 (Windows) versiones anteriores a la versión 39287 • https://security-advisory.acronis.com/advisories/SEC-3059 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-24115 – Local privilege escalation due to unrestricted loading of unsigned libraries
https://notcve.org/view.php?id=CVE-2022-24115
04 Feb 2022 — Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 Una escalada de privilegios local debido a una carga sin restricciones de bibliotecas sin firmar. Los siguientes productos están afectados: Acronis Cyber Protect Home Office (macOS) versiones anteriores a la compilación 39605, Acronis True Image 2021 (macOS) versiones anteriores a la... • https://security-advisory.acronis.com/advisories/SEC-3359 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2022-24113 – Local privilege escalation due to excessive permissions assigned to child processes
https://notcve.org/view.php?id=CVE-2022-24113
04 Feb 2022 — Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 Una escalada de privilegios local debido a permisos excesivos asignados a los procesos hijos. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows) ver... • https://security-advisory.acronis.com/advisories/SEC-2881 • CWE-250: Execution with Unnecessary Privileges CWE-276: Incorrect Default Permissions •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44200 – Self cross-site scripting (XSS) was possible on devices page
https://notcve.org/view.php?id=CVE-2021-44200
29 Nov 2021 — Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Era posible una vulnerabilidad de tipo cross-site scripting (XSS) propio en la página de dispositivos. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-2803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2021-44199 – DLL hijacking could lead to denial of service
https://notcve.org/view.php?id=CVE-2021-44199
29 Nov 2021 — DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 Un secuestro de DLL podía conllevar a una denegación de servicio. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilación 28035, Acronis Agent (Windows) versiones anteriores a la compilación 27305, Acronis C... • https://security-advisory.acronis.com/advisories/SEC-2508 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44202 – Stored cross-site scripting (XSS) was possible in activity details
https://notcve.org/view.php?id=CVE-2021-44202
29 Nov 2021 — Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Era posible una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en los detalles de la actividad. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-3283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44203 – Stored cross-site scripting (XSS) was possible in protection plan details
https://notcve.org/view.php?id=CVE-2021-44203
29 Nov 2021 — Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Era posible una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en los detalles del plan de protección. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-3294 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2021-44198 – DLL hijacking could lead to local privilege escalation
https://notcve.org/view.php?id=CVE-2021-44198
29 Nov 2021 — DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 Un secuestro de DLL podría conllevar a una escalada de privilegios local. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-2128 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-44201 – Cross-site scripting (XSS) was possible in notification pop-ups
https://notcve.org/view.php?id=CVE-2021-44201
29 Nov 2021 — Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 Una vulnerabilidad de tipo cross-site scripting (XSS) era posible en las ventanas emergentes de notificación. Los siguientes productos están afectados: Acronis Cyber Protect 15 (Windows, Linux) versiones anteriores a la compilación 28035 • https://security-advisory.acronis.com/advisories/SEC-3167 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •