CVE-2024-31851
https://notcve.org/view.php?id=CVE-2024-31851
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. • https://github.com/Stuub/CVE-2024-31848-PoC https://www.tenable.com/security/research/tra-2024-09 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-0915 – Logitech Sync desktop application prior to 2.4.574 - TOCTOU during installation leads to privilege escalation
https://notcve.org/view.php?id=CVE-2022-0915
There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Logitech Sync for Windows prior to 2.4.574. Successful exploitation of these vulnerabilities may escalate the permission to the system user. • https://prosupport.logi.com/hc/en-us/articles/360040085114-Download-Logitech-Sync • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2018-7886 – CloudMe Sync 1.11.0 - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2018-7886
An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892. • https://www.exploit-db.com/exploits/44470 https://0day4u.wordpress.com/2018/03/09/buffer-overflow-on-cloudme-sync-v1-11-0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer