Vulnerabilities > Seagate > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-07 CVE-2021-43429 Improper Locking vulnerability in Seagate Cortx-S3 Server 20211107
A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock.
network
low complexity
seagate CWE-667
7.5
7.5
2019-05-13 CVE-2018-12301 Information Exposure vulnerability in Seagate NAS OS 4.3.15.1
Unvalidated URL in Download Manager in Seagate NAS OS version 4.3.15.1 allows attackers to access the loopback interface via a Download URL of 127.0.0.1 or localhost.
network
low complexity
seagate CWE-200
7.5
7.5
2019-05-13 CVE-2018-12298 Path Traversal vulnerability in Seagate NAS OS 4.3.15.1
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path.
network
low complexity
seagate CWE-22
7.5
7.5
2019-05-13 CVE-2018-12296 Incorrect Permission Assignment for Critical Resource vulnerability in Seagate NAS OS 4.3.15.1
Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests.
network
low complexity
seagate CWE-732
7.5
7.5
2018-04-28 CVE-2017-18263 Path Traversal vulnerability in Seagate Personal Cloud Firmware 4.3.16.0/4.3.18.0
Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url.
network
low complexity
seagate CWE-22
7.5
7.5
2015-12-31 CVE-2015-2876 Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session.
low complexity
lacie seagate
8.8
8.8
2015-12-31 CVE-2015-2875 Path Traversal vulnerability in multiple products
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
network
low complexity
seagate lacie CWE-22
7.5
7.5