Lucene search
+L
SeagateNas Os

10 matches found

cve
cve
added 2019/05/13 12:36 p.m.68 views

CVE-2018-12300

CVE-2018-12300 refers to an open redirect in Seagate NAS OS 4.3.15.1, specifically in echo-server.html, enabling an attacker to disclose information in the Referer header via the state URL parameter. Connected sources (Nuclei template) confirm the open redirect description and name the affected d...

6.1CVSS6AI score0.03127EPSS
cve
cve
added 2019/05/13 12:32 p.m.66 views

CVE-2018-12296

CVE-2018-12296 affects Seagate NAS OS 4.3.15.1. The issue is insufficient access control on the API endpoint /api/external/7.0/system.System.get_infos, permitting an unauthenticated attacker to obtain information about the NAS via empty POST requests. The NVD and connected templates describe this...

7.5CVSS7.4AI score0.10905EPSS
In wild
cve
cve
added 2019/05/13 12:34 p.m.60 views

CVE-2018-12298

CVE-2018-12298: Directory traversal in Seagate NAS OS filebrowser (v4.3.15.1) allows reading files inside the app container via crafted URL paths. Root cause appears to be improper URL path handling. Affects filebrowser component; impact includes partial confidentiality (C in CVSS). CVSS data pre...

7.5CVSS7.3AI score0.0174EPSS
cve
cve
added 2019/05/13 12:38 p.m.55 views

CVE-2018-12301

CVE-2018-12301 affects Seagate NAS OS v4.3.15.1: Unvalidated URL in the Download Manager allows access to the loopback interface via a Download URL of 127.0.0.1 or localhost. Connected sources (Red Hat advisory, NVD entry, CVE listing) confirm the same description, but do not provide exploit deta...

7.5CVSS7.4AI score0.01408EPSS
cve
cve
added 2019/05/13 12:33 p.m.51 views

CVE-2018-12297

CVE-2018-12297 affects Seagate NAS OS 4.3.15.1 with XSS in API error pages via URL path names. Root cause cited as insufficient validation of client data by the WEB application; impact is client-side script execution. Exploitation details/works are not provided in the documents; no remediation/ve...

6.1CVSS6.2AI score0.00692EPSS
cve
cve
added 2019/05/13 12:31 p.m.47 views

CVE-2018-12295

The CVE describes a SQL injection in folderViewSpecific.psp of Seagate NAS OS v4.3.15.1, allowing attackers to execute arbitrary SQL commands through the dirId URL parameter. Affected software is Seagate NAS OS (version 4.3.15.1); root cause is improper handling of the dirId parameter in folderVi...

9.8CVSS9.9AI score0.01135EPSS
cve
cve
added 2019/05/13 12:38 p.m.46 views

CVE-2018-12302

CVE-2018-12302 concerns Seagate NAS OS web application (v4.3.15.1) with missing HttpOnly flag on session cookies, enabling potential theft of session tokens via cross-site scripting. Publicly surfaced details are consistent across sources (NVD/Red Hat/other catalogs). The Red Hat and NVD entries ...

6.1CVSS6AI score0.00802EPSS
cve
cve
added 2019/05/13 12:40 p.m.46 views

CVE-2018-12304

The Red Hat, NVD and CVE records confirm CVE-2018-12304 affects Seagate NAS OS (version 4.3.15.1) via the Application Manager. The vulnerability is a cross-site scripting (XSS) flaw in multiple application metadata fields (Short Description, Publisher Name, Publisher Contact, Website URL) that ca...

6.1CVSS6.3AI score0.00826EPSS
cve
cve
added 2019/05/13 12:39 p.m.45 views

CVE-2018-12303

An XSS vulnerability in Seagate NAS OS filebrowser (version 4.3.15.1) allows attackers to inject and execute JavaScript via directory names. This is described across multiple sources (CVE-2018-12303). The connected records confirm the affected product and vulnerability class but do not provide ex...

5.4CVSS5.5AI score0.00649EPSS
cve
cve
added 2019/05/13 12:35 p.m.44 views

CVE-2018-12299

CVE-2018-12299 relates to a cross-site scripting (XSS) vulnerability in Seagate NAS OS 4.3.15.1 filebrowser. The issue arises because uploaded file names can trigger JavaScript execution in the browser, enabling an attacker to perform actions in a victim’s session. The available connected documen...

5.4CVSS5.5AI score0.00649EPSS