EMC Corporation

All CVEs

592 total · sorted by risk
  • CVE-2016-0904 · High · Sep 21, 2016
    risk 0.56 · cvss 8.6 · epss 0.01

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server…

  • CVE-2016-0909 · High · Nov 15, 2016
    risk 0.55 · cvss 8.4 · epss 0.00

    EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.

  • CVE-2015-6850 · High · Dec 28, 2015
    risk 0.55 · cvss 8.4 · epss 0.01

    EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.

  • CVE-2018-1251 · High · Sep 28, 2018
    risk 0.54 · cvss 8.3 · epss 0.02

    Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a…

  • CVE-2018-11048 · High · Aug 10, 2018
    risk 0.53 · cvss 8.1 · epss 0.02

    Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit…

  • CVE-2018-11059 · High · Jul 24, 2018
    risk 0.53 · cvss 8.2 · epss 0.01

    RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application…

  • CVE-2018-1218 · High · Mar 19, 2018
    risk 0.53 · cvss 7.5 · epss 0.14

    In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to 9.1.1.6, 9.0.x, and versions prior to 8.2.4.11, the 'nsrd' daemon causes a buffer overflow condition when handling certain messages. A remote unauthenticated attacker could potentially exploit this vulnerability…

  • CVE-2017-8022 · High · Oct 18, 2017
    risk 0.53 · cvss 8.1 · epss 0.03

    An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability…

  • CVE-2016-0915 · High · Aug 22, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request,…

  • CVE-2016-0911 · High · Jun 19, 2016
    risk 0.53 · cvss 8.2 · epss 0.01

    EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

  • CVE-2018-1240 · High · Apr 18, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. VRRP defaults to an insecure configuration in Linux's keepalived component which sends the cluster password in plaintext through multicast. A malicious user, having…

  • CVE-2015-4545 · High · Dec 21, 2015
    risk 0.52 · cvss 8.0 · epss 0.02

    EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.

  • CVE-2018-11064 · High · Oct 5, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contain an Incorrect File Permissions vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability to alter multiple library files in service tools…

  • CVE-2018-1247 · High · May 8, 2018
    risk 0.51 · cvss 7.1 · epss 0.17

    RSA Authentication Manager Security Console, version 8.3 and earlier, contains an XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted…

  • CVE-2018-1182 · High · Mar 8, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle…

  • CVE-2017-14376 · High · Nov 1, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-3757 · High · Aug 29, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges.

  • CVE-2017-4985 · High · Jun 19, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be…

  • CVE-2016-0920 · High · Sep 21, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.

  • CVE-2018-11071 · High · Sep 18, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may…

  • CVE-2018-1243 · High · Jul 2, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for…

  • CVE-2018-1232 · High · Mar 30, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to…

  • CVE-2018-1238 · High · Mar 27, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access…

  • CVE-2018-1205 · High · Mar 27, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash.

  • CVE-2017-14385 · High · Dec 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.05

    An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data…

  • CVE-2017-8019 · High · Nov 28, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation.

  • CVE-2017-8018 · High · Oct 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.

  • CVE-2017-4980 · High · Mar 29, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.

  • CVE-2016-6650 · High · Mar 21, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system.

  • CVE-2016-8212 · High · Feb 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the…

  • CVE-2016-8211 · High · Feb 3, 2017
    risk 0.49 · cvss 7.5 · epss 0.03

    EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users…

  • CVE-2016-6641 · High · Sep 18, 2016
    risk 0.49 · cvss 7.6 · epss 0.01

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-0923 · High · Sep 18, 2016
    risk 0.49 · cvss 7.5 · epss 0.02

    The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by…

  • CVE-2015-0536 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.02

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a…

  • CVE-2015-0535 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via…

  • CVE-2015-0534 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a…

  • CVE-2015-0533 · High · Aug 20, 2015
    risk 0.49 · cvss 7.5 · epss 0.01

    EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar…

  • CVE-2008-3289 · High · Jul 24, 2008
    risk 0.49 · cvss 7.5 · epss 0.05

    EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in cleartext at an unspecified point, which allows remote attackers to obtain sensitive information via a crafted packet.

  • CVE-2017-8025 · High · Oct 11, 2017
    risk 0.48 · cvss 7.4 · epss 0.01

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server.

  • CVE-2018-1204 · Medium · Mar 26, 2018
    risk 0.47 · cvss 6.7 · epss 0.02

    Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability…

  • CVE-2018-1203 · Medium · Mar 26, 2018
    risk 0.47 · cvss 6.7 · epss 0.02

    In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code…

  • CVE-2018-1185 · Medium · Feb 3, 2018
    risk 0.47 · cvss 6.7 · epss 0.06

    An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Admin CLI may allow a malicious user with admin privileges to escape…

  • CVE-2017-8004 · High · Jul 17, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and…

  • CVE-2017-4988 · High · Jun 21, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.

  • CVE-2017-4987 · High · Jun 19, 2017
    risk 0.47 · cvss 7.3 · epss 0.00

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control…

  • CVE-2016-9871 · High · Feb 3, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.

  • CVE-2018-1214 · High · Feb 12, 2018
    risk 0.46 · cvss 7.0 · epss 0.01

    Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management…

  • CVE-2017-4979 · High · May 19, 2017
    risk 0.46 · cvss 7.1 · epss 0.01

    EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS…

  • CVE-2017-4977 · High · Mar 29, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.

  • CVE-2018-1184 · Medium · Feb 3, 2018
    risk 0.44 · cvss 6.7 · epss 0.01

    An issue was discovered in EMC RecoverPoint for Virtual Machines versions prior to 5.1.1, EMC RecoverPoint version 5.1.0.0, and EMC RecoverPoint versions prior to 5.0.1.3. Command injection vulnerability in Boxmgmt CLI may allow a malicious user with boxmgmt privileges to bypass…
