CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34014
https://notcve.org/view.php?id=CVE-2024-34014
Arbitrary file overwrite during recovery due to improper soft link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181. Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181. • https://security-advisory.acronis.com/advisories/SEC-7592 • CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8767
https://notcve.org/view.php?id=CVE-2024-8767
Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147. Divulgación y manipulación de datos confidenciales debido a la asignación innecesaria de privilegios. Los siguientes productos se ven afectados: complemento de Acronis Backup para cPanel y WHM (Linux) anterior a la compilación 619, extensión de Acronis Backup para Plesk (Linux) anterior a la compilación 555, complemento de Acronis Backup para DirectAdmin (Linux) anterior a la compilación 147. • https://security-advisory.acronis.com/advisories/SEC-4976 • CWE-250: Execution with Unnecessary Privileges •