6 matches found
CVE-2020-5752
CVE-2020-5752: Druva inSync Windows Client contains a path traversal vulnerability in the inSyncCPHwnet64 RPC service (port 6064) that can be exploited locally to run commands as SYSTEM on Windows 10 (x64) with inSync Client 6.6.3 and below. The RPC type 5 handling flaw enables command injection ...
CVE-2019-3999
CVE-2019-3999 affects Druva inSync Windows Client (notably versions around 6.5.0/6.5.2). A local, unauthenticated attacker can exploit improper neutralization of special elements in the inSyncCPHwnet64 RPC service (on TCP port 6064) to execute arbitrary OS commands with SYSTEM privileges, i.e., a...
CVE-2021-36668
CVE-2021-36668 concerns a URL injection in Druva’s inSync Electron-based UI for macOS 6.9.0. The vulnerability allows a local attacker to force the app to navigate to an arbitrary URL by manipulating the port parameter, due to issues in the Electron wrapper. Affected software is Driva inSync 6.9....
CVE-2021-36666
CVE-2021-36666 affects Druva for MacOS (version 6.9.0). The issue enables local privilege escalation via the inSyncDecommission component. CVSS values in the NVD entry indicate high severity with LOCAL attack vector and privileges required, though explicit root cause is not detailed beyond inSync...
CVE-2021-36667
CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...
CVE-2021-36665
CVE-2021-36665 affects Druva 6.9.0 for macOS, due to a flaw in the inSyncUpgradeDaemon that allows a local user to escalate privileges. Impact: local privilege escalation with high severity; attack vector is LOCAL and does not require user interaction per the provided description. No explicit exp...