Test ID: 1.3.6.1.4.1.25623.1.0.108920
Category: Web application abuses
Title: Western Digital My Cloud Multiple Products < 2.21.111 Multiple Vulnerabilities
Summary: Multiple Western Digital My Cloud products are prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
The following issues have been addressed:

- Resolved multiple security vulnerabilities in image decoder (CVE-2016-3714)

- Resolved Twonky Security Vulnerability (CVE-2015-6505). Failure to verify an HTTP parameter allows writing of arbitrary files on the host running TwonkyServer.

- Resolved GHOST Security Vulnerability (CVE-2015-0235)

Affected Software/OS:
Western Digital My Cloud with firmware versions prior to 2.21.111.

Solution:
Update to firmware version 2.21.111 or later.

Note: Some My Cloud products are already end-of-life and no longer receive updates.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2016-3714
BugTraq ID: 89848
http://www.securityfocus.com/bid/89848
Bugtraq: 20160513 May 2016 - HipChat Server - Critical Security Advisory
http://www.securityfocus.com/archive/1/538378/100/0/threaded
CERT/CC vulnerability note: VU#250519
https://www.kb.cert.org/vuls/id/250519
Debian Security Information: DSA-3580
http://www.debian.org/security/2016/dsa-3580
Debian Security Information: DSA-3746
http://www.debian.org/security/2016/dsa-3746
https://www.exploit-db.com/exploits/39767/
https://www.exploit-db.com/exploits/39791/
https://security.gentoo.org/glsa/201611-21
http://packetstormsecurity.com/files/152364/ImageTragick-ImageMagick-Proof-Of-Concepts.html
http://www.rapid7.com/db/modules/exploit/unix/fileformat/imagemagick_delegate
https://imagetragick.com/
http://www.openwall.com/lists/oss-security/2016/05/03/13
http://www.openwall.com/lists/oss-security/2016/05/03/18
RedHat Security Advisories: RHSA-2016:0726
http://rhn.redhat.com/errata/RHSA-2016-0726.html
http://www.securitytracker.com/id/1035742
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.440568
SuSE Security Announcement: SUSE-SU-2016:1260
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00024.html
SuSE Security Announcement: SUSE-SU-2016:1275
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00032.html
SuSE Security Announcement: SUSE-SU-2016:1301
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00041.html
SuSE Security Announcement: openSUSE-SU-2016:1261
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00025.html
SuSE Security Announcement: openSUSE-SU-2016:1266
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00028.html
SuSE Security Announcement: openSUSE-SU-2016:1326
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00051.html
http://www.ubuntu.com/usn/USN-2990-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-6505
Common Vulnerability Exposure (CVE) ID: CVE-2015-0235
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
BugTraq ID: 72325
http://www.securityfocus.com/bid/72325
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)
http://seclists.org/oss-sec/2015/q1/269
Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
http://seclists.org/oss-sec/2015/q1/274
Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235
http://www.securityfocus.com/archive/1/534845/100/0/threaded
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
https://seclists.org/bugtraq/2019/Jun/14
Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
Debian Security Information: DSA-3142
http://www.debian.org/security/2015/dsa-3142
http://seclists.org/fulldisclosure/2015/Jan/111
http://seclists.org/fulldisclosure/2019/Jun/18
https://security.gentoo.org/glsa/201503-04
HPdes Security Advisory: HPSBGN03247
http://marc.info/?l=bugtraq&m=142296726407499&w=2
HPdes Security Advisory: HPSBGN03270
http://marc.info/?l=bugtraq&m=142781412222323&w=2
HPdes Security Advisory: HPSBGN03285
http://marc.info/?l=bugtraq&m=142722450701342&w=2
HPdes Security Advisory: HPSBHF03289
http://marc.info/?l=bugtraq&m=142721102728110&w=2
HPdes Security Advisory: HPSBMU03330
http://marc.info/?l=bugtraq&m=143145428124857&w=2
HPdes Security Advisory: SSRT101937
HPdes Security Advisory: SSRT101953
http://www.mandriva.com/security/advisories?name=MDVSA-2015:039
http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
RedHat Security Advisories: RHSA-2015:0126
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://www.securitytracker.com/id/1032909
http://secunia.com/advisories/62517
http://secunia.com/advisories/62640
http://secunia.com/advisories/62667
http://secunia.com/advisories/62680
http://secunia.com/advisories/62681
http://secunia.com/advisories/62688
http://secunia.com/advisories/62690
http://secunia.com/advisories/62691
http://secunia.com/advisories/62692
http://secunia.com/advisories/62698
http://secunia.com/advisories/62715
http://secunia.com/advisories/62758
http://secunia.com/advisories/62812
http://secunia.com/advisories/62813
http://secunia.com/advisories/62816
http://secunia.com/advisories/62865
http://secunia.com/advisories/62870
http://secunia.com/advisories/62871
http://secunia.com/advisories/62879
http://secunia.com/advisories/62883
Copyright: Copyright (C) 2020 Greenbone Networks GmbH