Filtered by vendor Emc
Subscribe
Total
414 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0937 | 1 Emc | 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more | 2023-12-10 | 5.8 MEDIUM | N/A |
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2012-2276 | 1 Emc | 1 Documentum Information Rights Management | 2023-12-10 | 7.8 HIGH | N/A |
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number. | |||||
CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2023-12-10 | 9.3 HIGH | N/A |
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2023-12-10 | 6.8 MEDIUM | N/A |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." | |||||
CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2023-12-10 | 8.5 HIGH | N/A |
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | |||||
CVE-2011-4144 | 2 Centos, Emc | 2 Centos, Documentum Content Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges. | |||||
CVE-2011-1743 | 1 Emc | 1 Captiva Einput | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-0321 | 1 Emc | 1 Networker | 2023-12-10 | 6.4 MEDIUM | N/A |
librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands. | |||||
CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2023-12-10 | 4.0 MEDIUM | N/A |
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | |||||
CVE-2012-0398 | 1 Emc | 1 Documentum Eroom | 2023-12-10 | 7.5 HIGH | N/A |
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. | |||||
CVE-2011-1424 | 3 Emc, Ibm, Microsoft | 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more | 2023-12-10 | 3.5 LOW | N/A |
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing. | |||||
CVE-2011-1744 | 1 Emc | 1 Captiva Einput | 2023-12-10 | 5.8 MEDIUM | N/A |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site. | |||||
CVE-2011-1423 | 1 Emc | 1 Data Loss Prevention Enterprise Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-2754 | 2 Emc, Ibm | 2 Legato Networker, Informix Dynamic Server | 2023-12-10 | 10.0 HIGH | N/A |
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow. | |||||
CVE-2010-0620 | 1 Emc | 1 Homebase Server | 2023-12-10 | 9.3 HIGH | N/A |
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter. | |||||
CVE-2011-4142 | 1 Emc | 1 Sourceone Email Management | 2023-12-10 | 2.1 LOW | N/A |
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2012-0404 | 1 Emc | 1 Documentum Eroom | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-0442 | 1 Emc | 1 Avamar | 2023-12-10 | 3.5 LOW | N/A |
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2010-1904 | 1 Emc | 1 Rsa Key Manager Client | 2023-12-10 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data. | |||||
CVE-2011-1742 | 1 Emc | 1 Data Protection Advisor | 2023-12-10 | 2.1 LOW | N/A |
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. |