Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
westerndigital vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-15816
In Western Digital WD Discovery prior to 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
Westerndigital Wd Discovery
5.3
CVSSv3
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the libr...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23002
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be l...
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations....
Westerndigital Sweet B 1
5.3
CVSSv3
CVE-2022-23004
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an malicious user to cau...
Westerndigital Sweet B 1
7.8
CVSSv3
CVE-2023-22818
Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution ...
Westerndigital Sandisk Security Installer
9.8
CVSSv3
CVE-2018-9148
Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for malicious users to bypass authentication by listing a directory. NOTE: this can be exploited in conjunction with CVE-2018-7171 for remote authenticati...
Westerndigital My Cloud Firmware 04.05.00-320
7.8
CVSSv3
CVE-2022-22996
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
Westerndigital Sandisk Professional G-raid 4\\/8 Software Utility
Westerndigital Sandisk Professional G-raid 4\\/8 Software Utility Driver
NA
CVE-2014-5876
The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Westerndigital Wd My Cloud 4.0.0
7.5
CVSSv3
CVE-2019-13466
Western Digital SSD Dashboard prior to 2.5.1.0 and SanDisk SSD Dashboard prior to 2.5.1.0 have Incorrect Access Control. The “generate reports” archive is protected with a hard-coded password. An application update that addresses the protection of archive encryption i...
Westerndigital Ssd Dashboard
Sandisk Ssd Dashboard
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »