Latest CVE Feed
-
7.5
HIGHCVE-2022-23010
On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
9.0
HIGHCVE-2022-23009
On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical S... Read more
Affected Products : big-iq_centralized_management- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-23008
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX... Read more
Affected Products : nginx_controller_api_management- Published: Jan. 25, 2022
- Modified: Nov. 21, 2024
-
6.7
MEDIUMCVE-2022-23006
A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be... Read more
- Published: Sep. 27, 2022
- Modified: Nov. 21, 2024
-
8.7
HIGHCVE-2022-23005
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devic... Read more
- Published: Jan. 23, 2023
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2022-23004
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by... Read more
Affected Products : sweet_b- Published: Jul. 29, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2022-23003
When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when ... Read more
Affected Products : sweet_b- Published: Jul. 29, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2022-23002
When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other ... Read more
Affected Products : sweet_b- Published: Jul. 29, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the pub... Read more
Affected Products : sweet_b- Published: Jul. 29, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2022-23000
The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "... Read more
- Published: Jul. 25, 2022
- Modified: Nov. 21, 2024
-
8.2
HIGHCVE-2022-22999
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's brow... Read more
- Published: Jul. 25, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2022-22998
Implemented protections on AWS credentials that were not properly protected.... Read more
Affected Products : linux_kernel my_cloud_home_firmware my_cloud_home_duo_firmware my_cloud_home my_cloud_home_duo- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.... Read more
Affected Products : linux_kernel my_cloud_home_firmware my_cloud_home_duo_firmware my_cloud_home my_cloud_home_duo- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2022-22996
The G-RAID 4/8 Software Utility setups for Windows were affected by a DLL hijacking vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the system user.... Read more
- Published: Mar. 30, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-22995
The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.... Read more
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22994
A remote code execution vulnerability was discovered on Western Digital My Cloud devices where an attacker could trick a NAS device into loading through an unsecured HTTP call. This was a result insufficient verification of calls to the device. The vulner... Read more
Affected Products : my_cloud_os my_cloud_firmware my_cloud my_cloud_dl2100 my_cloud_dl4100 my_cloud_ex2_ultra my_cloud_ex2100 my_cloud_ex4100 my_cloud_pr2100 my_cloud_pr4100 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2022-22993
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for... Read more
Affected Products : my_cloud_os my_cloud_firmware my_cloud my_cloud_dl2100 my_cloud_dl4100 my_cloud_ex2_ultra my_cloud_ex2100 my_cloud_ex4100 my_cloud_pr2100 my_cloud_pr4100 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-22992
A command injection remote code execution vulnerability was discovered on Western Digital My Cloud Devices that could allow an attacker to execute arbitrary system commands on the device. The vulnerability was addressed by escaping individual arguments to... Read more
Affected Products : my_cloud_os my_cloud_os_5 my_cloud my_cloud_dl2100 my_cloud_dl4100 my_cloud_ex2_ultra my_cloud_ex2100 my_cloud_ex4100 my_cloud_pr2100 my_cloud_pr4100 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2022-22991
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP.... Read more
Affected Products : my_cloud_os my_cloud_firmware my_cloud my_cloud_dl2100 my_cloud_dl4100 my_cloud_ex2_ultra my_cloud_ex2100 my_cloud_ex4100 my_cloud_pr2100 my_cloud_pr4100 +2 more products- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewritin... Read more
Affected Products : my_cloud_os my_cloud_firmware my_cloud my_cloud_dl2100 my_cloud_dl4100 my_cloud_ex2_ultra my_cloud_ex2100 my_cloud_ex4100 my_cloud_pr2100 my_cloud_pr4100 +2 more products- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024