Discovery
by Symantec
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-30248 | Hig | 0.58 | — | 0.01 | Jan 26, 2026 | DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path. | ||
| CVE-2020-15816 | Hig | 0.57 | 8.8 | 0.04 | Jul 17, 2020 | In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | ||
| CVE-2007-1173 | 0.01 | — | 0.08 | May 16, 2007 | Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a… | |||
| CVE-2007-2950 | 0.00 | — | 0.00 | Jul 23, 2007 | Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges. | |||
| CVE-2007-2514 | 0.00 | — | 0.05 | Jun 6, 2007 | Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this… | |||
| CVE-2005-3316 | 0.00 | — | 0.01 | Oct 27, 2005 | The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password. |
- risk 0.58cvss —epss 0.01
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.
- risk 0.57cvss 8.8epss 0.04
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
- CVE-2007-1173May 16, 2007risk 0.01cvss —epss 0.08
Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via long strings in a…
- CVE-2007-2950Jul 23, 2007risk 0.00cvss —epss 0.00
Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.
- CVE-2007-2514Jun 6, 2007risk 0.00cvss —epss 0.05
Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long request. NOTE: this…
- CVE-2005-3316Oct 27, 2005risk 0.00cvss —epss 0.01
The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.