Vulnerabilities > Druva > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2021-36667 OS Command Injection vulnerability in Druva Insync Client
Command injection vulnerability in Druva inSync 6.9.0 for macOS allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server, due to an unsanitized call to the Python os.system function.
local
low complexity
druva CWE-78
4.6
2022-07-12 CVE-2021-36668 Injection vulnerability in Druva Insync Client
URL injection in Druva inSync 6.9.0 for macOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron app.
local
low complexity
druva CWE-74
4.6
2020-03-24 CVE-2019-4001 Incorrect Default Permissions vulnerability in Druva Insync 6.5.0
Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code.
local
low complexity
druva CWE-276
4.6