Skip to main content

Insync Client

5 CVEs product

Monthly

CVE-2021-36668 HIGH POC This Week

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Code Injection Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-36667 HIGH POC PATCH This Week

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Python Apple Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-36666 HIGH POC This Week

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-36665 HIGH POC This Week

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Deserialization Insync Client
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-5752 HIGH POC Act Now

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Insync Client
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
8.6%
EPSS 1% CVSS 7.8
HIGH POC This Week

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Code Injection Insync Client
NVD VulDB
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Python Apple +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Insync Client
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Deserialization Insync Client
NVD VulDB
EPSS 9% CVSS 7.8
HIGH POC Act Now

Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Insync Client
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy