Vulnerabilities (CVE)

Filtered by vendor Seagate Subscribe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-12296	1 Seagate	1 Nas Os	2019-10-03	5.0 MEDIUM	7.5 HIGH
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.
CVE-2018-12301	1 Seagate	1 Nas Os	2019-05-13	5.0 MEDIUM	7.5 HIGH
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
CVE-2018-12298	1 Seagate	1 Nas Os	2019-05-13	5.0 MEDIUM	7.5 HIGH
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.
CVE-2017-18263	1 Seagate	2 Personal Cloud, Personal Cloud Firmware	2018-06-05	5.0 MEDIUM	7.5 HIGH
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
CVE-2015-2875	2 Lacie, Seagate	7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more	2015-12-31	7.8 HIGH	7.5 HIGH
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
CVE-2015-2876	2 Lacie, Seagate	7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more	2015-12-31	8.3 HIGH	8.8 HIGH
Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.