Vulnerabilities > Seagate > Personal Cloud Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-28 | CVE-2017-18263 | Path Traversal vulnerability in Seagate Personal Cloud Firmware 4.3.16.0/4.3.18.0 Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | 7.5 |
2018-01-12 | CVE-2018-5347 | OS Command Injection vulnerability in Seagate Personal Cloud Firmware Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | 9.8 |