23 matches found
EUVD-2020-4739
Malware in sbrugna...
EUVD-2022-34153
Malicious code in bioql PyPI...
EUVD-2024-19765
Malicious code in bioql PyPI...
CVE-2024-22169
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content...
CVE-2020-12427
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space...
CVE-2020-15816
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables...
The vulnerability of the environment settings in Node.js software for managing Western Digital WD Discovery products allows a hacker to execute arbitrary code.
The vulnerability of the Node.js software for managing Western Digital WD Discovery products relates to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code during the current session...
CVE-2024-22169
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...
CVE-2024-22169
CVE-2024-22169 affects WD Discovery. Versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could enable code execution by abusing the ELECTRON_RUN_AS_NODE environment variable. The attack requires the victim to have the WD Discovery app installed; exploitat...
CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...
CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRONRUNASNODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content...
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content...
Design/Logic Flaw
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content...
CVE-2022-29835
CVE-2022-29835 concerns WD Discovery: WD Discovery Desktop App on Mac and Windows prior to 4.4.396 are signed with an unsafe SHA-1 hashing algorithm, enabling potential forged certificate signatures and compromising user content confidentiality. The issue affects WD Discovery software prior to ve...
CVE-2022-29835 WD Discovery's Use of Weak Hashing Algorithm for Code Signing
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content...
PT-2022-19865 · Western Digital · Wd Discovery
Name of the Vulnerable Software and Affected Versions: Western Digital WD Discovery versions prior to 4.4.396 Description: The WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm, which is not collision-free. This weakness could be exploited by an attacker to...
CVE-2020-15816
CVE-2020-15816 affects Western Digital WD Discovery prior to version 4.0.251.0 . A malicious application running with standard user permissions could execute code within the WD Discovery process via library injection using DYLD environment variables . The vulnerability allows code execution in th...
Western Digital WD Discovery Cross-Site Request Forgery Vulnerability
Western Digital MyCloud Home is a personal storage device from Western Digital.Western Digital WD Discovery is a remote connectivity management tool for Western Digital personal storage devices. A cross-site request forgery vulnerability exists in Western Digital WD Discovery versions prior to...