Vulnerabilities > Westerndigital > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-27 | CVE-2022-23006 | Out-of-bounds Write vulnerability in Westerndigital products A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. | 6.7 |
| 2022-09-19 | CVE-2022-29835 | Inadequate Encryption Strength vulnerability in Westerndigital WD Discovery 4.0.251.0 WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. | 5.3 |
| 2022-07-29 | CVE-2022-23001 | Incorrect Calculation vulnerability in Westerndigital Sweet B 1 When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. | 5.3 |
| 2022-07-29 | CVE-2022-23002 | Unspecified vulnerability in Westerndigital Sweet B 1 When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. | 5.3 |
| 2022-07-29 | CVE-2022-23003 | Incorrect Calculation vulnerability in Westerndigital Sweet B 1 When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. | 5.3 |
| 2022-07-29 | CVE-2022-23004 | Incorrect Calculation vulnerability in Westerndigital Sweet B 1 When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. | 5.3 |
| 2022-07-25 | CVE-2022-22999 | Cross-site Scripting vulnerability in Westerndigital products Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. | 4.8 |
| 2021-03-19 | CVE-2021-28653 | Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. | 6.5 |
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass by Capture-replay vulnerability in multiple products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 6.8 |
| 2020-04-15 | CVE-2020-10951 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Westerndigital IBI and MY Cloud Home Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | 4.7 |