CVE-2015-2875
Published 2015-12-31
CVE-2015-2875: Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL…
Priority P346 · high · 7.5 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 3.17% (86.4th percentile)
Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to read arbitrary files via a full pathname in a download request during a Wi-Fi session.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lacie | lac9000436u_firmware | <= 2.3.0.014 | — |
| lacie | lac9000464u_firmware | <= 2.3.0.014 | — |
CVSS provenance
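| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| vendor_redhat | | 5.0 | MEDIUM | |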
GHSA
GHSA-pxx6-8p5x-fwfx: Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FU
ghsa_unreviewed·2022-05-17
CVE-2015-2875 [HIGH] CWE-22 GHSA-pxx6-8p5x-fwfx: Absolute path traversal vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FU
Red Hat
webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001)
vendor_redhat·2015-01-26·CVSS 5.0
CVE-2013-2875 [MEDIUM] CWE-125 webkitgtk: out-of-bounds read in the SVG implementation (WSA-2015-0001)
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in Blink, as used in Google Chrome before 28.0.1500.71, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Will not fix
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Will not fix
No detection rules found.
No public exploits indexed.
Published: 2015-12-31