Filtered by vendor Westerndigital
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8960 | 1 Westerndigital | 1 Mycloud.com | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. | |||||
| CVE-2021-28653 | 1 Westerndigital | 1 Armorlock | 2021-08-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware. | |||||
| CVE-2020-13799 | 2 Linaro, Westerndigital | 7 Op-tee, Inand Cl Em132, Inand Cl Em132 Firmware and 4 more | 2021-06-29 | 4.6 MEDIUM | 6.8 MEDIUM |
| Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature. | |||||
| CVE-2020-10951 | 1 Westerndigital | 2 Ibi, My Cloud Home | 2020-08-27 | 4.3 MEDIUM | 4.7 MEDIUM |
| Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages. | |||||
| CVE-2019-13467 | 2 Sandisk, Westerndigital | 2 Ssd Dashboard, Ssd Dashboard | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Description: Western Digital SSD Dashboard before 2.5.1.0 and SanDisk SSD Dashboard before 2.5.1.0 applications are potentially vulnerable to man-in-the-middle attacks when the applications download resources from the Dashboard web service. This vulnerability may allow an attacker to substitute downloaded resources with arbitrary files. | |||||
| CVE-2019-11686 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2020-03-13 | 2.1 LOW | 5.5 MEDIUM |
| Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnerability in the wear-leveling algorithm of the drive may cause cryptographically sensitive parameters (such as data encryption keys) to remain on the drive media after their intended erasure. | |||||
| CVE-2019-10706 | 1 Westerndigital | 118 Sandisk X300 Sd7sb6s-128g, Sandisk X300 Sd7sb6s-128g Firmware, Sandisk X300 Sd7sb6s-256g and 115 more | 2020-03-13 | 6.3 MEDIUM | 6.3 MEDIUM |
| Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: The firmware update authentication method relies on a symmetric HMAC digest. The key used to validate this digest is present in a protected area of the device, and if extracted could be used to install arbitrary firmware to other devices. | |||||
| CVE-2018-7928 | 1 Westerndigital | 1 My Cloud | 2020-02-24 | 3.6 LOW | 4.6 MEDIUM |
| There is a security vulnerability which could lead to Factory Reset Protection (FRP) bypass in the MyCloud APP with the versions before 8.1.2.303 installed on some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can replace the old account with a new one through special steps by exploit this vulnerability. As a result, the FRP function is bypassed. | |||||