
CVSS: 7.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory, which is expected to be owned by root, so that it is owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0.

• https://support.google.com/a/answer/7577057?hl=en
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-269: Improper Privilege Management

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter.

• https://www.synology.com/security/advisory/Synology_SA_18_50
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors.

• https://www.synology.com/en-global/support/security/Synology_SA_18_11
• CWE-284: Improper Access Control