This page lists publicly disclosed CVE vulnerabilities affecting seagate personal_cloud_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-18263 | Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has directory traversal in getPhotoPlaylistPhotos.psp via a parameter named url. | [email protected] | 7.5 | 3.69% | 2018-04-28 | 2026-06-17 |
| CVE-2018-5347 | Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled. | [email protected] | 9.8 | 54.16% | 2018-01-12 | 2026-06-17 |