Vulnerabilities > Druva > Insync

DATE CVE VULNERABILITY TITLE RISK
2020-12-07 CVE-2020-5798 Improper Validation of Integrity Check Value vulnerability in Druva Insync 6.8.0
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.
local
low complexity
druva CWE-354
7.8
2020-03-24 CVE-2019-4001 Improper Input Validation vulnerability in Druva Insync 6.5.0
Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.
local
low complexity
druva CWE-20
7.8
2020-02-25 CVE-2019-4000 Code Injection vulnerability in Druva Insync 6.5.0
Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.
local
low complexity
druva CWE-94
7.8