VYPR

Discovery

by Centennial

CVEs (6)

  • CVE-2020-12427HigMay 13, 2020
    risk 0.57cvss 8.8epss 0.00

    The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.

  • CVE-2024-22169HigAug 2, 2024
    risk 0.46cvss epss 0.00

    WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit…

  • CVE-2022-29835MedSep 19, 2022
    risk 0.34cvss 5.3epss 0.00

    WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality…

  • CVE-2007-1173May 16, 2007
    risk 0.01cvss epss 0.08

    Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a…

  • CVE-2007-2950Jul 23, 2007
    risk 0.00cvss epss 0.00

    Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.

  • CVE-2007-2514Jun 6, 2007
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this…