84 matches found
EUVD-2022-39045
Malicious code in bioql PyPI...
EUVD-2022-34154
Malicious code in bioql PyPI...
EUVD-2023-26931
Malicious code in bioql PyPI...
EUVD-2022-39042
Malicious code in bioql PyPI...
EUVD-2022-39046
Malicious code in bioql PyPI...
CVE-2023-22819
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2022-29837
A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. This could potentially lead to a code execution...
CVE-2022-36329
An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before...
CVE-2022-36331
Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo:...
CVE-2024-22168
A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...
CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps
A Cross-Site Scripting XSS vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...
Multiple Western Digital Products Cross-Site Scripting Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in multiple Western Digital products that stems from the presence of a cross-site scripting XSS vulnerability that could allow an attacker to redirect a user to a crafted domain and...
CVE-2023-22819
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2023-22817
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
CVE-2023-22817
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
Server side request forgery (ssrf)
Server-side request forgery SSRF vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...
Design/Logic Flaw
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2023-22819 Uncontrolled resource consumption vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products
An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi a...
CVE-2023-22819
CVE-2023-22819 describes an uncontrolled resource consumption (memory exhaustion) vulnerability in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi, and Western Digital My Cloud OS 5 devices. The issue allows crafted requests to a service over the network, potentially stopping the se...
CVE-2023-22817
CVE-2023-22817 describes an SSRF vulnerability in Western Digital My Cloud OS 5 (prior to 5.27.161), My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices (prior to 9.5.1-104). The issue stems from insufficient validation of incoming requests, allowing a rogue server on the local network to m...