CVE-2024-31851
https://notcve.org/view.php?id=CVE-2024-31851
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. • https://github.com/Stuub/CVE-2024-31848-PoC https://www.tenable.com/security/research/tra-2024-09 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-0915 – Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privilege escalation
https://notcve.org/view.php?id=CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of this vulnerability may escalate privileges to the system user. • https://prosupport.logi.com/hc/en-us/articles/360040085114-Download-Logitech-Sync • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2018-6892 – CloudMe Sync < 1.11.0 - Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-6892
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution. • https://www.exploit-db.com/exploits/44027 https://www.exploit-db.com/exploits/44175 https://www.exploit-db.com/exploits/45197 https://www.exploit-db.com/exploits/46250 https://github.com/latortuga71/CVE-2018-6892-Golang http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt http://packetstormsecurity.com/files/157407/CloudMe-1.11.2-Buffer-Overflow.html http://packetstormsecurity.com/files/158716/CloudMe-1.11.2-SEH-Buffer-Overflow.html http://packet • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •