Filtered by vendor Westerndigital Subscriptions
Filtered by product Wd Discovery Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-22169 1 Westerndigital 1 Wd Discovery 2024-08-05 N/A
WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability, enabling code execution within WD Discovery application's context. WD Discovery version 5.0.589 addresses this issue by disabling certain features and fuses in Electron. The attack vector for this issue requires the victim to have the WD Discovery app installed on their device.
CVE-2020-15816 1 Westerndigital 1 Wd Discovery 2024-08-04 8.8 High
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
CVE-2020-12427 3 Apple, Microsoft, Westerndigital 3 Macos, Windows, Wd Discovery 2024-08-04 8.8 High
The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.
CVE-2022-29835 1 Westerndigital 1 Wd Discovery 2024-08-03 5.3 Medium
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.