Vulnerabilities > Seagate > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-05-13 | CVE-2018-12295 | SQL Injection vulnerability in Seagate NAS OS 4.3.15.1 SQL injection in folderViewSpecific.psp in Seagate NAS OS version 4.3.15.1 allows attackers to execute arbitrary SQL commands via the dirId URL parameter. | 7.5 |
2015-12-31 | CVE-2015-2876 | Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. | 8.3 |
2015-12-31 | CVE-2015-2875 | Path Traversal vulnerability in multiple products Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session. | 7.8 |