• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-22996
2022-04-07
N/A
7.8 HIGH
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.
CVE-2022-22995
My Cloud Pr4100 Firmware, Westerndigital
Sandisk_x600_sd9tb8w-128g_firmware, Sandisk_x600_sd9tb8w-128g, Sandisk_x600_sd9tb8w-256g_firmware, Sandisk_x600_sd9tb8w-256g, Sandisk_x600_sd9tb8w-512g_firmware, Sandisk_x600_sd9tb8w-512g, Sandisk_x600_sd9tb8w-1t00_firmware, Sandisk_x600_sd9tb8w-1t00, Sandisk_x600_sd9tb8w-2t00_firmware, Sandisk_x600_sd9tb8w-2t00
2022-03-31
N/A
9.8 CRITICAL
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.
CVE-2022-22994
My Cloud, Westerndigital
Sandisk_x600_sd9tb8w-128g_firmware, Sandisk_x600_sd9tb8w-128g, Sandisk_x600_sd9tb8w-256g_firmware, Sandisk_x600_sd9tb8w-256g, Sandisk_x600_sd9tb8w-512g_firmware, Sandisk_x600_sd9tb8w-512g, Sandisk_x600_sd9tb8w-1t00_firmware, Sandisk_x600_sd9tb8w-1t00, Sandisk_x600_sd9tb8w-2t00_firmware, Sandisk_x600_sd9tb8w-2t00
2022-03-15
N/A
9.8 CRITICAL
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulnerability was addressed by disabling checks for internet connectivity using HTTP.
CVE-2022-22993
My Cloud Ex2100, Westerndigital
Sandisk_x600_sd9tb8w-128g_firmware, Sandisk_x600_sd9tb8w-128g, Sandisk_x600_sd9tb8w-256g_firmware, Sandisk_x600_sd9tb8w-256g, Sandisk_x600_sd9tb8w-512g_firmware, Sandisk_x600_sd9tb8w-512g, Sandisk_x600_sd9tb8w-1t00_firmware, Sandisk_x600_sd9tb8w-1t00, Sandisk_x600_sd9tb8w-2t00_firmware, Sandisk_x600_sd9tb8w-2t00
2022-03-18
N/A
8.8 HIGH
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
CVE-2022-22992
My Cloud Pr4100, Westerndigital
Sandisk_x600_sd9tb8w-128g_firmware, Sandisk_x600_sd9tb8w-128g, Sandisk_x600_sd9tb8w-256g_firmware, Sandisk_x600_sd9tb8w-256g, Sandisk_x600_sd9tb8w-512g_firmware, Sandisk_x600_sd9tb8w-512g, Sandisk_x600_sd9tb8w-1t00_firmware, Sandisk_x600_sd9tb8w-1t00, Sandisk_x600_sd9tb8w-2t00_firmware, Sandisk_x600_sd9tb8w-2t00
2022-02-04
N/A
9.8 CRITICAL
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to shell functions coming from user input.
CVE-2022-22991
2022-01-21
N/A
8.8 HIGH
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.
CVE-2022-22990
My Cloud Pr4100, Westerndigital
Sandisk_x600_sd9tb8w-128g_firmware, Sandisk_x600_sd9tb8w-128g, Sandisk_x600_sd9tb8w-256g_firmware, Sandisk_x600_sd9tb8w-256g, Sandisk_x600_sd9tb8w-512g_firmware, Sandisk_x600_sd9tb8w-512g, Sandisk_x600_sd9tb8w-1t00_firmware, Sandisk_x600_sd9tb8w-1t00, Sandisk_x600_sd9tb8w-2t00_firmware, Sandisk_x600_sd9tb8w-2t00
2022-03-17
N/A
8.8 HIGH
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.
CVE-2022-2299
2022-07-29
N/A
5.4 MEDIUM
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads
CVE-2022-22989
My Cloud, Westerndigital
Sandisk_x600_sd9tb8w-128g_firmware, Sandisk_x600_sd9tb8w-128g, Sandisk_x600_sd9tb8w-256g_firmware, Sandisk_x600_sd9tb8w-256g, Sandisk_x600_sd9tb8w-512g_firmware, Sandisk_x600_sd9tb8w-512g, Sandisk_x600_sd9tb8w-1t00_firmware, Sandisk_x600_sd9tb8w-1t00, Sandisk_x600_sd9tb8w-2t00_firmware, Sandisk_x600_sd9tb8w-2t00
2022-01-21
N/A
9.8 CRITICAL
My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues.
CVE-2022-22988
2022-01-21
N/A
9.1 CRITICAL
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.
« Previous 1 … 10,625 10,626 10,627 10,628 10,629 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE