Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-28653
The iOS and macOS apps prior to 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
Westerndigital Armorlock
9.1
CVSSv3
CVE-2022-22988
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated malicious user to now traverse through the files and directories. This can only be exploited once an attacker has ...
Westerndigital Edgerover
1 Article
6.1
CVSSv3
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.
Westerndigital Mycloud.com
1 Github repository
8.8
CVSSv3
CVE-2021-33205
Western Digital EdgeRover prior to 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious ac...
Westerndigital Edgerover
8.8
CVSSv3
CVE-2020-15816
In Western Digital WD Discovery prior to 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
Westerndigital Wd Discovery
7.4
CVSSv3
CVE-2023-22812
SanDisk PrivateAccess versions before 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.
Westerndigital Sandisk Privateaccess
5.3
CVSSv3
CVE-2022-29835
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality o...
Westerndigital Wd Discovery
8.8
CVSSv3
CVE-2020-12427
The Western Digital WD Discovery application prior to 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.
Westerndigital Wd Discovery
4.6
CVSSv3
CVE-2018-7928
There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions prior to 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old ...
Westerndigital My Cloud
6.7
CVSSv3
CVE-2023-22815
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an malicious user to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attac...
Westerndigital My Cloud Os
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »