Filtered by vendor Emc
Subscribe
Search
Total
412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2017-08-29 | 9.3 HIGH | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | |||||
| CVE-2014-4618 | 1 Emc | 1 Documentum Content Server | 2017-08-29 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | |||||
| CVE-2014-4639 | 1 Emc | 1 Documentum Wdk | 2017-08-29 | 5.0 MEDIUM | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. | |||||
| CVE-2014-2521 | 1 Emc | 1 Documentum Content Server | 2017-08-29 | 6.3 MEDIUM | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. | |||||
| CVE-2014-2518 | 1 Emc | 9 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 6 more | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-2517 | 1 Emc | 1 Rsa Archer Egrc | 2017-08-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2014-2515 | 1 Emc | 1 Documentum D2 | 2017-08-29 | 8.5 HIGH | N/A |
| EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. | |||||
| CVE-2014-2511 | 1 Emc | 8 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 5 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. | |||||
| CVE-2014-2505 | 1 Emc | 1 Rsa Archer Egrc | 2017-08-29 | 5.4 MEDIUM | N/A |
| EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. | |||||
| CVE-2014-2276 | 1 Emc | 1 Connectrix Manager | 2017-08-29 | 5.0 MEDIUM | N/A |
| The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. | |||||
| CVE-2014-2520 | 1 Emc | 1 Documentum Content Server | 2017-08-29 | 6.3 MEDIUM | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. | |||||
| CVE-2014-0641 | 1 Emc | 1 Rsa Archer Egrc | 2017-08-29 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2014-0640 | 1 Emc | 1 Rsa Archer Egrc | 2017-08-29 | 4.0 MEDIUM | N/A |
| EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | |||||
| CVE-2012-4610 | 1 Emc | 1 Avamar | 2017-08-29 | 3.3 LOW | N/A |
| EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. | |||||
| CVE-2012-2287 | 2 Emc, Microsoft | 4 Rsa Authentication Agent, Rsa Authentication Client, Windows Server 2003 and 1 more | 2017-08-29 | 8.5 HIGH | N/A |
| The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host. | |||||
| CVE-2012-2285 | 1 Emc | 2 Cloud Tiering Appliance, Cloud Tiering Appliance Virtual Edition | 2017-08-29 | 6.8 MEDIUM | N/A |
| EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase. | |||||
| CVE-2012-2277 | 1 Emc | 1 Documentum Information Rights Management | 2017-08-29 | 7.8 HIGH | N/A |
| The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands. | |||||
| CVE-2012-2276 | 1 Emc | 1 Documentum Information Rights Management | 2017-08-29 | 7.8 HIGH | N/A |
| The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. | |||||
| CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2017-08-29 | 4.0 MEDIUM | N/A |
| EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | |||||
| CVE-2011-1740 | 1 Emc | 1 Avamar | 2017-08-17 | 7.7 HIGH | N/A |
| EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain. | |||||
| CVE-2011-0321 | 1 Emc | 1 Networker | 2017-08-17 | 6.4 MEDIUM | N/A |
| librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands. | |||||
| CVE-2010-2633 | 1 Emc | 4 Disk Library, Disk Library 4100, Disk Library 4200 and 1 more | 2017-08-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP. | |||||
| CVE-2009-3573 | 1 Emc | 1 Captiva Pixtools Distributed Imaging | 2017-08-17 | 9.3 HIGH | N/A |
| Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwrite arbitrary files via the (1) SetLogFileName and (2) WriteToLog methods. | |||||
| CVE-2016-6644 | 1 Emc | 1 Documentum D2 | 2017-08-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||||
| CVE-2017-8000 | 1 Emc | 1 Rsa Authentication Manager | 2017-08-10 | 3.5 LOW | 4.8 MEDIUM |
| In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with an XSS payload) that could be executed when viewing or editing the assigned token profile in the token by another administrator's browser session. | |||||
| CVE-2017-8006 | 1 Emc | 1 Rsa Authentication Manager | 2017-08-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN to affect victim's ability to obtain access to protected resources. | |||||
| CVE-2016-0907 | 1 Emc | 2 Isilon Onefs, Isilonsd Edge Onefs | 2017-08-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. | |||||
| CVE-2008-3370 | 1 Emc | 1 Centera Universal Access | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field. | |||||
| CVE-2008-0963 | 1 Emc | 1 Diskxtender | 2017-08-08 | 9.0 HIGH | N/A |
| Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. | |||||
| CVE-2008-0962 | 1 Emc | 1 Diskxtender | 2017-08-08 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface. | |||||
| CVE-2008-0961 | 1 Emc | 1 Diskxtender | 2017-08-08 | 10.0 HIGH | N/A |
| EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. | |||||
| CVE-2016-0913 | 1 Emc | 2 Networker Module For Microsoft Applications, Replication Manager | 2017-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | |||||
| CVE-2016-6647 | 1 Emc | 1 Vipr Srm | 2017-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0925 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2017-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0903 | 1 Emc | 1 Avamar Server | 2017-07-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. | |||||
| CVE-2016-0921 | 1 Emc | 1 Avamar Server | 2017-07-30 | 6.9 MEDIUM | 6.5 MEDIUM |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. | |||||
| CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
| CVE-2016-0917 | 1 Emc | 13 Vnx1 Oe Firmware, Vnx2 Oe Firmware, Vnx5200 and 10 more | 2017-07-30 | 7.5 HIGH | 9.8 CRITICAL |
| The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | |||||
| CVE-2016-0904 | 1 Emc | 1 Avamar Server | 2017-07-30 | 5.0 MEDIUM | 8.6 HIGH |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | |||||
| CVE-2016-0905 | 1 Emc | 1 Avamar Server | 2017-07-30 | 7.2 HIGH | 6.7 MEDIUM |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | |||||
| CVE-2016-0918 | 1 Emc | 2 Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2017-07-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. | |||||
| CVE-2016-0909 | 1 Emc | 2 Avamar Data Store, Avamar Server Virtual Edition | 2017-07-29 | 7.2 HIGH | 8.4 HIGH |
| EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. | |||||
| CVE-2007-5323 | 1 Emc | 1 Replistor | 2017-07-29 | 10.0 HIGH | N/A |
| The RepliStor Server Service in EMC Replistor 6.1.3 allows remote attackers to execute arbitrary code via a size value that causes RepliStor to create a smaller buffer than expected, which triggers a buffer overflow when that buffer is used in a recv function call. | |||||
| CVE-2017-2768 | 1 Emc | 1 Smarts Network Configuration Manager | 2017-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-2767 | 1 Emc | 1 Smarts Network Configuration Manager | 2017-07-25 | 10.0 HIGH | 9.8 CRITICAL |
| EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-9873 | 1 Emc | 1 Documentum D2 | 2017-07-25 | 6.5 MEDIUM | 6.3 MEDIUM |
| EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application. | |||||
| CVE-2016-9872 | 1 Emc | 1 Documentum D2 | 2017-07-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2006-2155 | 1 Emc | 1 Retrospect | 2017-07-20 | 4.6 MEDIUM | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. | |||||
| CVE-2006-2154 | 1 Emc | 1 Retrospect | 2017-07-20 | 7.2 HIGH | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | |||||
| CVE-2017-5001 | 1 Emc | 1 Rsa Archer Egrc | 2017-07-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. | |||||