Westerndigital Sandisk_ibi

12 CVEs affecting Westerndigital Sandisk_ibi. Latest disclosed: 2024-02-05. Critical: 1, High: 0.

Top CVEs affecting Westerndigital Sandisk_ibi
CVESeverityScorePublishedSummary
CVE-2022-36331Critical10.02023-06-12Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthentica…
CVE-2022-36328Medium5.82023-05-18Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitra…
CVE-2022-36327Medium5.82023-05-18Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with cert…
CVE-2023-22817Medium5.52024-02-05Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back…
CVE-2023-22819Medium4.92024-02-05An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua…
CVE-2022-29837Medium4.72022-12-01A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate inst…
CVE-2022-36326Medium4.42023-05-18An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventua…
CVE-2022-36329Medium4.42023-05-10An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cl…
CVE-2023-22813Low3.32023-05-08 A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile A…
CVE-2022-36330Low1.92023-05-10A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My…
CVE-2022-29836Low1.92022-11-09Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; M…
CVE-2022-23006Low1.82022-09-27A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessi…