Western Digital

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow…

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing th…

A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker…

An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memor…

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to …

An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an i…

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in t…

A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to b…

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an un…

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares …