Quest Netvault Backup vulnerabilities
35 known vulnerabilities affecting quest/netvault_backup.
Total CVEs
35
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL24HIGH11
Vulnerabilities
Page 1 of 2
CVE-2017-17417P2CRITICALCVSS 9.8PoCv11.3.0.122018-02-08
CVE-2017-17417 [CRITICAL] CWE-89 CVE-2017-17417: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-
nvd
CVE-2018-1161P2CRITICALCVSS 9.8v11.2.0.132018-02-08
CVE-2018-1161 [CRITICAL] CWE-121 CVE-2018-1161: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of
nvd
CVE-2017-17420P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17420 [CRITICAL] CWE-89 CVE-2017-17420: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCountHistory Get method requests. The issue results from the lack of proper validation of a user-supp
nvd
CVE-2018-1163P2CRITICALCVSS 9.8v11.2.0.132018-02-08
CVE-2018-1163 [CRITICAL] CWE-287 CVE-2018-1163: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Q
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conju
nvd
CVE-2026-9787P2HIGHCVSS 8.8fixed in 14.0.2v14.0.0.192026-06-25
CVE-2026-9787 [HIGH] CWE-78 CVE-2026-9787: Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vuln
Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exi
nvd
CVE-2026-9786P2HIGHCVSS 8.8fixed in 14.0.2v14.0.0.192026-06-25
CVE-2026-9786 [HIGH] CWE-89 CVE-2026-9786: Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerab
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists
nvd
CVE-2026-7570P2HIGHCVSS 8.8v14.0.0.192026-06-25
CVE-2026-7570 [HIGH] CWE-89 CVE-2026-7570: Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerab
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists
nvd
CVE-2026-9783P2HIGHCVSS 8.8fixed in 14.0.2v14.0.0.192026-06-25
CVE-2026-9783 [HIGH] CWE-89 CVE-2026-9783: Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vul
Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw ex
nvd
CVE-2026-9785P2HIGHCVSS 8.8fixed in 14.0.2v14.0.0.192026-06-25
CVE-2026-9785 [HIGH] CWE-89 CVE-2026-9785: Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulner
Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exist
nvd
CVE-2026-9784P2HIGHCVSS 8.8fixed in 14.0.2v14.0.0.192026-06-25
CVE-2026-9784 [HIGH] CWE-89 CVE-2026-9784: Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulner
Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exist
nvd
CVE-2026-9781P2HIGHCVSS 8.8v14.0.0.192026-06-25
CVE-2026-9781 [HIGH] CWE-89 CVE-2026-9781: Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerab
Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists
nvd
CVE-2026-9782P2HIGHCVSS 8.8fixed in 14.0.2v14.0.0.192026-06-25
CVE-2026-9782 [HIGH] CWE-89 CVE-2026-9782: Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulner
Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exist
nvd
CVE-2017-17421P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17421 [CRITICAL] CWE-89 CVE-2017-17421: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectionSet Get method requests. The issue results from the lack of proper validation of a user-supplie
nvd
CVE-2017-17657P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17657 [CRITICAL] CWE-89 CVE-2017-17657: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup TimeRange method requests. The issue results from the lack of proper validation of a user-supplie
nvd
CVE-2017-17419P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17419 [CRITICAL] CWE-89 CVE-2017-17419: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransferHistory Get method requests. The issue results from the lack of proper validation of a user-supp
nvd
CVE-2017-17659P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17659 [CRITICAL] CWE-89 CVE-2017-17659: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobHistory Get method requests. The issue results from the lack of proper validation of a user-supplied
nvd
CVE-2017-17425P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17425 [CRITICAL] CWE-89 CVE-2017-17425: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSourceDeviceSet Get method requests. The issue results from the lack of proper validation of a user-supp
nvd
CVE-2017-17654P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17654 [CRITICAL] CWE-89 CVE-2017-17654: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup ClientList method requests. The issue results from the lack of proper validation of a user-suppli
nvd
CVE-2017-17413P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17413 [CRITICAL] CWE-89 CVE-2017-17413: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupTargetSet Get method requests. The issue results from the lack of proper validation of a user-supp
nvd
CVE-2017-17418P2CRITICALCVSS 9.8v11.3.0.122018-02-08
CVE-2017-17418 [CRITICAL] CWE-89 CVE-2017-17418: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPolicy Get method requests. The issue results from the lack of proper validation of a user-supplied stri
nvd
1 / 2Next →