Vulnerabilities > Druva > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-07-12 | CVE-2021-36667 | OS Command Injection vulnerability in Druva Insync Client. Command injection vulnerability in Druva inSync 6.9.0 for macOS allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server, due to an unsanitized call to the Python os.system library. | 4.6 |
2022-07-12 | CVE-2021-36668 | Injection vulnerability in Druva Insync Client. URL injection in Druva inSync 6.9.0 for macOS allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron app. | 4.6 |
2020-03-24 | CVE-2019-4001 | Incorrect Default Permissions vulnerability in Druva Insync 6.5.0. Improper input validation in Druva inSync Client 6.5.0 allows a local, authenticated attacker to execute arbitrary NodeJS code. | 4.6 |