Lucene search
K
DruvaInsync Client

6 matches found

CVE
CVE
added 2020/05/21 2:3 p.m.216 views

CVE-2020-5752

CVE-2020-5752: Druva inSync Windows Client contains a path traversal vulnerability in the inSyncCPHwnet64 RPC service (port 6064) that can be exploited locally to run commands as SYSTEM on Windows 10 (x64) with inSync Client 6.6.3 and below. The RPC type 5 handling flaw enables command injection ...

7.8CVSS8AI score0.08607EPSS
CVE
CVE
added 2020/02/25 6:15 p.m.167 views

CVE-2019-3999

CVE-2019-3999 affects Druva inSync Windows Client (notably versions around 6.5.0/6.5.2). A local, unauthenticated attacker can exploit improper neutralization of special elements in the inSyncCPHwnet64 RPC service (on TCP port 6064) to execute arbitrary OS commands with SYSTEM privileges, i.e., a...

7.8CVSS8AI score0.08566EPSS
CVE
CVE
added 2022/07/11 3:6 p.m.67 views

CVE-2021-36668

CVE-2021-36668 concerns a URL injection in Druva’s inSync Electron-based UI for macOS 6.9.0. The vulnerability allows a local attacker to force the app to navigate to an arbitrary URL by manipulating the port parameter, due to issues in the Electron wrapper. Affected software is Driva inSync 6.9....

7.8CVSS7.7AI score0.00563EPSS
CVE
CVE
added 2022/07/11 3:6 p.m.63 views

CVE-2021-36666

CVE-2021-36666 affects Druva for MacOS (version 6.9.0). The issue enables local privilege escalation via the inSyncDecommission component. CVSS values in the NVD entry indicate high severity with LOCAL attack vector and privileges required, though explicit root cause is not detailed beyond inSync...

7.8CVSS7.6AI score0.00423EPSS
CVE
CVE
added 2022/07/11 3:6 p.m.61 views

CVE-2021-36667

CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...

7.8CVSS7.9AI score0.01817EPSS
CVE
CVE
added 2022/07/11 3:6 p.m.60 views

CVE-2021-36665

CVE-2021-36665 affects Druva 6.9.0 for macOS, due to a flaw in the inSyncUpgradeDaemon that allows a local user to escalate privileges. Impact: local privilege escalation with high severity; attack vector is LOCAL and does not require user interaction per the provided description. No explicit exp...

7.8CVSS7.6AI score0.00469EPSS