Vendor CVEs
EMC Corporation
All CVEs
592 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-4608 | 0.00 | — | 0.01 | Dec 5, 2012 | Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2012-4615 | 0.00 | — | 0.00 | Nov 27, 2012 | EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2012-4614 | 0.00 | — | 0.02 | Nov 27, 2012 | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. | |||
| CVE-2012-4611 | 0.00 | — | 0.01 | Nov 27, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4613 | 0.00 | — | 0.00 | Nov 16, 2012 | EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack. | |||
| CVE-2012-4612 | 0.00 | — | 0.01 | Nov 16, 2012 | Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-4610 | 0.00 | — | 0.01 | Oct 31, 2012 | EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client. | |||
| CVE-2012-2290 | 0.00 | — | 0.04 | Oct 18, 2012 | The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel. | |||
| CVE-2012-2284 | 0.00 | — | 0.00 | Oct 18, 2012 | The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | |||
| CVE-2012-2286 | 0.00 | — | 0.01 | Oct 10, 2012 | Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. | |||
| CVE-2012-2287 | 0.00 | — | 0.03 | Sep 25, 2012 | The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and… | |||
| CVE-2012-2285 | 0.00 | — | 0.01 | Aug 29, 2012 | EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase. | |||
| CVE-2012-2289 | 0.00 | — | 0.05 | Aug 26, 2012 | EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. | |||
| CVE-2012-2283 | 0.00 | — | 0.01 | Aug 16, 2012 | The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before… | |||
| CVE-2012-2282 | 0.00 | — | 0.01 | Jul 16, 2012 | EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify… | |||
| CVE-2012-2280 | 0.00 | — | 0.01 | Jul 13, 2012 | EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability." | |||
| CVE-2012-2279 | 0.00 | — | 0.01 | Jul 13, 2012 | Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2012-2278 | 0.00 | — | 0.01 | Jul 13, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2012-2281 | 0.00 | — | 0.01 | Jul 5, 2012 | EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors. | |||
| CVE-2012-0409 | 0.00 | — | 0.05 | Jun 1, 2012 | Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. | |||
| CVE-2012-0403 | 0.00 | — | 0.02 | Mar 20, 2012 | Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors. | |||
| CVE-2012-0402 | 0.00 | — | 0.02 | Mar 20, 2012 | EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors. | |||
| CVE-2012-0401 | 0.00 | — | 0.01 | Mar 20, 2012 | Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2012-0400 | 0.00 | — | 0.01 | Mar 20, 2012 | EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||
| CVE-2012-0399 | 0.00 | — | 0.01 | Mar 20, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0404 | 0.00 | — | 0.01 | Mar 15, 2012 | Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2012-0398 | 0.00 | — | 0.01 | Mar 15, 2012 | EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors. | |||
| CVE-2012-0397 | 0.00 | — | 0.03 | Mar 6, 2012 | Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2012-0396 | 0.00 | — | 0.01 | Feb 6, 2012 | EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | |||
| CVE-2011-4144 | 0.00 | — | 0.00 | Feb 2, 2012 | Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges. | |||
| CVE-2012-0395 | 0.00 | — | 0.03 | Jan 27, 2012 | Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2011-4143 | 0.00 | — | 0.01 | Jan 27, 2012 | EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors. | |||
| CVE-2011-4142 | 0.00 | — | 0.00 | Jan 19, 2012 | The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | |||
| CVE-2011-4141 | 0.00 | — | 0.02 | Dec 17, 2011 | Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file. | |||
| CVE-2011-2742 | 0.00 | — | 0.01 | Dec 14, 2011 | EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application… | |||
| CVE-2011-2741 | 0.00 | — | 0.01 | Dec 14, 2011 | EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously… | |||
| CVE-2011-2740 | 0.00 | — | 0.03 | Nov 9, 2011 | EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||
| CVE-2011-2739 | 0.00 | — | 0.03 | Nov 9, 2011 | The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | |||
| CVE-2011-1740 | 0.00 | — | 0.01 | Sep 19, 2011 | EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain. | |||
| CVE-2011-2735 | 0.00 | — | 0.02 | Aug 23, 2011 | Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP. | |||
| CVE-2011-2733 | 0.00 | — | 0.01 | Aug 18, 2011 | EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related… | |||
| CVE-2011-1744 | 0.00 | — | 0.01 | Aug 1, 2011 | EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site. | |||
| CVE-2011-1743 | 0.00 | — | 0.01 | Aug 1, 2011 | Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1742 | 0.00 | — | 0.00 | Aug 1, 2011 | EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. | |||
| CVE-2011-1424 | 0.00 | — | 0.01 | May 24, 2011 | The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive… | |||
| CVE-2011-1423 | 0.00 | — | 0.01 | May 5, 2011 | Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1422 | 0.00 | — | 0.01 | Apr 22, 2011 | Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2011-1421 | 0.00 | — | 0.00 | Apr 22, 2011 | EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors. | |||
| CVE-2011-1420 | 0.00 | — | 0.00 | Mar 28, 2011 | EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | |||
| CVE-2011-0648 | 0.00 | — | 0.03 | Mar 16, 2011 | Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors. |
- CVE-2012-4608Dec 5, 2012risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2012-4615Nov 27, 2012risk 0.00cvss —epss 0.00
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
- CVE-2012-4614Nov 27, 2012risk 0.00cvss —epss 0.02
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.
- CVE-2012-4611Nov 27, 2012risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-4613Nov 16, 2012risk 0.00cvss —epss 0.00
EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.
- CVE-2012-4612Nov 16, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-4610Oct 31, 2012risk 0.00cvss —epss 0.01
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.
- CVE-2012-2290Oct 18, 2012risk 0.00cvss —epss 0.04
The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
- CVE-2012-2284Oct 18, 2012risk 0.00cvss —epss 0.00
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
- CVE-2012-2286Oct 10, 2012risk 0.00cvss —epss 0.01
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors.
- CVE-2012-2287Sep 25, 2012risk 0.00cvss —epss 0.03
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and…
- CVE-2012-2285Aug 29, 2012risk 0.00cvss —epss 0.01
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.
- CVE-2012-2289Aug 26, 2012risk 0.00cvss —epss 0.05
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
- CVE-2012-2283Aug 16, 2012risk 0.00cvss —epss 0.01
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before…
- CVE-2012-2282Jul 16, 2012risk 0.00cvss —epss 0.01
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify…
- CVE-2012-2280Jul 13, 2012risk 0.00cvss —epss 0.01
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."
- CVE-2012-2279Jul 13, 2012risk 0.00cvss —epss 0.01
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2012-2278Jul 13, 2012risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via…
- CVE-2012-2281Jul 5, 2012risk 0.00cvss —epss 0.01
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via unspecified vectors.
- CVE-2012-0409Jun 1, 2012risk 0.00cvss —epss 0.05
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets.
- CVE-2012-0403Mar 20, 2012risk 0.00cvss —epss 0.02
Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 Patch 4 allows remote authenticated users to have an unspecified impact via unknown vectors.
- CVE-2012-0402Mar 20, 2012risk 0.00cvss —epss 0.02
EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded credentials, which makes it easier for remote attackers to obtain access via unknown vectors.
- CVE-2012-0401Mar 20, 2012risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- CVE-2012-0400Mar 20, 2012risk 0.00cvss —epss 0.01
EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the number of failed authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
- CVE-2012-0399Mar 20, 2012risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-0404Mar 15, 2012risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2012-0398Mar 15, 2012risk 0.00cvss —epss 0.01
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
- CVE-2012-0397Mar 6, 2012risk 0.00cvss —epss 0.03
Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
- CVE-2012-0396Feb 6, 2012risk 0.00cvss —epss 0.01
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.
- CVE-2011-4144Feb 2, 2012risk 0.00cvss —epss 0.00
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
- CVE-2012-0395Jan 27, 2012risk 0.00cvss —epss 0.03
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
- CVE-2011-4143Jan 27, 2012risk 0.00cvss —epss 0.01
EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote attackers to obtain sensitive information about environment variables in the web system via unspecified vectors.
- CVE-2011-4142Jan 19, 2012risk 0.00cvss —epss 0.00
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
- CVE-2011-4141Dec 17, 2011risk 0.00cvss —epss 0.02
Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.
- CVE-2011-2742Dec 14, 2011risk 0.00cvss —epss 0.01
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application…
- CVE-2011-2741Dec 14, 2011risk 0.00cvss —epss 0.01
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously…
- CVE-2011-2740Nov 9, 2011risk 0.00cvss —epss 0.03
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
- CVE-2011-2739Nov 9, 2011risk 0.00cvss —epss 0.03
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
- CVE-2011-1740Sep 19, 2011risk 0.00cvss —epss 0.01
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
- CVE-2011-2735Aug 23, 2011risk 0.00cvss —epss 0.02
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.
- CVE-2011-2733Aug 18, 2011risk 0.00cvss —epss 0.01
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related…
- CVE-2011-1744Aug 1, 2011risk 0.00cvss —epss 0.01
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site.
- CVE-2011-1743Aug 1, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1742Aug 1, 2011risk 0.00cvss —epss 0.00
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
- CVE-2011-1424May 24, 2011risk 0.00cvss —epss 0.01
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive…
- CVE-2011-1423May 5, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1422Apr 22, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2011-1421Apr 22, 2011risk 0.00cvss —epss 0.00
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.
- CVE-2011-1420Mar 28, 2011risk 0.00cvss —epss 0.00
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
- CVE-2011-0648Mar 16, 2011risk 0.00cvss —epss 0.03
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.
Page 11 of 12