4 matches found
CVE-2021-36668
CVE-2021-36668 concerns a URL injection in Druva’s inSync Electron-based UI for macOS 6.9.0. The vulnerability allows a local attacker to force the app to navigate to an arbitrary URL by manipulating the port parameter, due to issues in the Electron wrapper. Affected software is Driva inSync 6.9....
CVE-2021-36666
CVE-2021-36666 affects Druva for MacOS (version 6.9.0). The issue enables local privilege escalation via the inSyncDecommission component. CVSS values in the NVD entry indicate high severity with LOCAL attack vector and privileges required, though explicit root cause is not detailed beyond inSync...
CVE-2021-36667
CVE-2021-36667 affects Druva inSync 6.9.0 for macOS. The vulnerability is a command injection via a crafted payload to the local HTTP server caused by an unsanitized call to Python’s os.system, enabling arbitrary commands executed with local privileges. The primary impact is execution of arbitrar...
CVE-2021-36665
CVE-2021-36665 affects Druva 6.9.0 for macOS, due to a flaw in the inSyncUpgradeDaemon that allows a local user to escalate privileges. Impact: local privilege escalation with high severity; attack vector is LOCAL and does not require user interaction per the provided description. No explicit exp...