69 matches found
CVE-2019-4000
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...
CVE-2019-4000
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...
CVE-2019-4000
CVE-2019-4000 affects Druva inSync Mac OS Client 6.5.0. The root cause is improper neutralization of directives in dynamically evaluated code, allowing a local, authenticated attacker to execute arbitrary Python expressions with root privileges. The vulnerability is described as a locally exploit...
CVE-2019-4000
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges...
CVE-2019-3999
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2019-3999
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
Command injection
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2019-3999
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges...
CVE-2019-3999
CVE-2019-3999 affects Druva inSync Windows Client (notably versions around 6.5.0/6.5.2). A local, unauthenticated attacker can exploit improper neutralization of special elements in the inSyncCPHwnet64 RPC service (on TCP port 6064) to execute arbitrary OS commands with SYSTEM privileges, i.e., a...