Filtered by vendor Emc
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2025-04-12 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | |||||
| CVE-2016-0892 | 1 Emc | 1 Rsa Data Loss Prevention | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0526 | 1 Emc | 1 Rsa Validation Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | |||||
| CVE-2016-0910 | 1 Emc | 1 Data Domain Os | 2025-04-12 | 4.3 MEDIUM | 8.8 HIGH |
| EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | |||||
| CVE-2014-4623 | 1 Emc | 1 Avamar | 2025-04-12 | 4.3 MEDIUM | N/A |
| EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | |||||
| CVE-2014-0643 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2025-04-12 | 7.6 HIGH | N/A |
| EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | |||||
| CVE-2016-6643 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-2515 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. | |||||
| CVE-2016-0915 | 1 Emc | 1 Authentication Manager Prime | 2025-04-12 | 5.5 MEDIUM | 8.1 HIGH |
| The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | |||||
| CVE-2015-6847 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | 2.1 LOW | N/A |
| The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2015-4532 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2514. | |||||
| CVE-2016-0921 | 1 Emc | 1 Avamar Server | 2025-04-12 | 6.9 MEDIUM | 6.5 MEDIUM |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. | |||||
| CVE-2013-6078 | 1 Emc | 2 Rsa Bsafe Toolkits, Rsa Data Protection Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
| The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change. | |||||
| CVE-2016-0922 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. | |||||
| CVE-2015-4539 | 1 Emc | 1 Rsa Identity Management And Governance | 2025-04-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | 7.7 HIGH | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2014-2506 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2016-0907 | 1 Emc | 2 Isilon Onefs, Isilonsd Edge Onefs | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115. | |||||
| CVE-2016-0899 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | 3.5 LOW | 6.3 MEDIUM |
| EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. | |||||
| CVE-2014-2514 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.2 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization and does not properly restrict object types, which allows remote authenticated users to run save RPC commands with super-user privileges, and consequently execute arbitrary code, via unspecified vectors. | |||||