Filtered by vendor Emc
Subscribe
Total
414 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | |||||
CVE-2015-0544 | 1 Emc | 1 Secure Remote Services | 2023-12-10 | 9.3 HIGH | N/A |
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. | |||||
CVE-2015-4532 | 1 Emc | 1 Documentum Content Server | 2023-12-10 | 9.0 HIGH | N/A |
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. | |||||
CVE-2015-4528 | 1 Emc | 1 Documentum Centerstage | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-4525 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 9.0 HIGH | N/A |
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | |||||
CVE-2015-0549 | 1 Emc | 1 Documentum D2 | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6848 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 8.5 HIGH | N/A |
EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | |||||
CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | |||||
CVE-2015-0547 | 1 Emc | 1 Documentum D2 | 2023-12-10 | 4.0 MEDIUM | N/A |
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | |||||
CVE-2016-0906 | 1 Emc | 1 Avamar | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation. | |||||
CVE-2015-0538 | 1 Emc | 1 Autostart | 2023-12-10 | 9.3 HIGH | N/A |
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. | |||||
CVE-2015-0540 | 1 Emc | 1 Document Sciences Xpression | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-0916 | 1 Emc | 1 Networker | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | |||||
CVE-2015-6845 | 1 Emc | 1 Sourceone Email Supervisor | 2023-12-10 | 7.5 HIGH | N/A |
EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | |||||
CVE-2015-6846 | 1 Emc | 1 Sourceone Email Supervisor | 2023-12-10 | 6.8 MEDIUM | N/A |
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. | |||||
CVE-2016-0915 | 1 Emc | 1 Authentication Manager Prime | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | |||||
CVE-2016-0908 | 1 Emc | 1 Isilon Onefs | 2023-12-10 | 6.8 MEDIUM | 6.7 MEDIUM |
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | |||||
CVE-2015-4539 | 1 Emc | 1 Rsa Identity Management And Governance | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6843 | 1 Emc | 1 Sourceone Email Supervisor | 2023-12-10 | 5.0 MEDIUM | N/A |
Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
CVE-2016-6647 | 1 Emc | 1 Vipr Srm | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |