How severe is CVE-2022-29835?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-29835?

This is classified as CWE-328, which is a common weakness in software security.

CVE-2022-29835 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.

Related Vulnerabilities

CVE-2023-0452

MEDIUM

CVSS:5.3(Medium)

Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypti...

CWE-3282023

CVE-2024-34914

MEDIUM

CVSS:5.3(Medium)

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain a...

CWE-3282024

CVE-2024-52521

MEDIUM

CVSS:5.3(Medium)

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being...

CWE-3282024

CVE-2024-56414

MEDIUM

CVSS:5.5(Medium)

Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CWE-3282024

CVE-2023-44319

MEDIUM

CVSS:4.9(Medium)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB ...

CWE-3282023

CVE-2024-8453

MEDIUM

CVSS:4.9(Medium)

Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files t...

CWE-3282024