CVSS: 9.8EPSS: 10%CPEs: 6EXPL: 3CVE-2020-6627 – Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution
https://notcve.org/view.php?id=CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mv_backend_launch in cirrus/application/helpers/mv_backend_helper.php by leveraging the "start" state and sending a check_device_name request. La aplicación de administración web en los dispositivos Seagate Central NAS STCG2000300, STCG3000300 y STCG4000300 permite la inyección de comandos del Sistema Operativo a través de mv_backend_launch en cirrus/application/helpers/mv_backend_helper.php aprovechando el estado de "inicio" y enviando una solicitud check_device_name. • https://www.exploit-db.com/exploits/51487 http://packetstormsecurity.com/files/172590/Seagate-Central-Storage-2015.0916-User-Creation-Command-Execution.html https://github.com/rapid7/metasploit-framework/pull/12844 https://pentest.blog/advisory-seagate-central-storage-remote-code-execution https://www.invictuseurope.com/blog • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43429
https://notcve.org/view.php?id=CVE-2021-43429
A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy method due to a failture to release locks pool->lock. Se presenta una vulnerabilidad de denegación de servicio en el servidor CORTX-S3 a partir de 7/11/2021, por medio del método mempool_destroy debido a un fallo en la liberación de bloqueos pool-)lock • https://github.com/Seagate/cortx-s3server/issues/1037 https://github.com/Seagate/cortx-s3server/pull/1041 • CWE-667: Improper Locking •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 1CVE-2018-18471
https://notcve.org/view.php?id=CVE-2018-18471
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device. /api/2.0/rest/aggregator/xml en el firmware Axentra, utilizado por NETGEAR Stora, Seagate GoFlex Home y MEDION LifeCloud, tiene una vulnerabilidad XXE que se puede encadenar con un error SSRF para obtener la ejecución remota de comandos como root. Puede ser activado por cualquiera que conozca la dirección IP del dispositivo afectado. • http://www.axentra.com/en https://www.wizcase.com/blog/hack-2018 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12304
https://notcve.org/view.php?id=CVE-2018-12304
Cross-site scripting in Application Manager in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via multiple application metadata fields: Short Description, Publisher Name, Publisher Contact, or Website URL. Una vulnerbilidad de tipo Cross-site scripting en Application Manager en Seagate NAS OS versión 4.3.15.1, permiten a los atacantes ejecutar JavaScript por medio de múltiples campos de metadatos de aplicaciones: Short Description, Publisher Name, Publisher Contact, or Website URL. • https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12303
https://notcve.org/view.php?id=CVE-2018-12303
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via directory names. Una vulnerabilidad de tipo Cross-site scripting en filebrowser in Seagate NAS OS version 4.3.15.1, permiten a los atacantes ejecutar JavaScript por medio de nombres de directorio. • https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •