CVE-2024-22169
- EPSS 0.06%
- Veröffentlicht 02.08.2024 19:16:29
- Zuletzt bearbeitet 05.08.2024 12:41:45
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user...
CVE-2022-29835
- EPSS 0.08%
- Veröffentlicht 19.09.2022 20:15:12
- Zuletzt bearbeitet 21.11.2024 06:59:46
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereb...
CVE-2020-15816
- EPSS 0.89%
- Veröffentlicht 17.07.2020 20:15:11
- Zuletzt bearbeitet 21.11.2024 05:06:14
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
CVE-2020-12427
- EPSS 0.15%
- Veröffentlicht 13.05.2020 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:59:42
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.