Filtered by vendor Emc
Subscriptions
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0928 | 1 Emc | 1 Alphastor | 2024-08-06 | N/A |
| The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. | ||||
| CVE-2014-4629 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference. | ||||
| CVE-2014-4622 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | ||||
| CVE-2014-4637 | 1 Emc | 1 Documentum Wdk | 2024-08-06 | N/A |
| Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | ||||
| CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2024-08-06 | N/A |
| EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | ||||
| CVE-2014-4623 | 1 Emc | 1 Avamar | 2024-08-06 | N/A |
| EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | ||||
| CVE-2014-4621 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | ||||
| CVE-2014-4633 | 1 Emc | 1 Rsa Archer Egrc | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4638 | 1 Emc | 1 Documentum Wdk | 2024-08-06 | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-4628 | 1 Emc | 1 Isilon Insightiq | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4636 | 1 Emc | 1 Documentum Wdk | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | ||||
| CVE-2014-4635 | 1 Emc | 1 Documentum Wdk | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4634 | 1 Emc | 2 Appsync, Replication Manager | 2024-08-06 | N/A |
| Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | ||||
| CVE-2014-4631 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-08-06 | N/A |
| RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | ||||
| CVE-2014-4620 | 2 Emc, Meditech | 2 Networker, Meditech | 2024-08-06 | N/A |
| The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2014-4626 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. | ||||
| CVE-2014-4618 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to gain privileges via a user-created system object. | ||||
| CVE-2014-4639 | 1 Emc | 1 Documentum Wdk | 2024-08-06 | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value. | ||||
| CVE-2014-2511 | 1 Emc | 8 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 5 more | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. | ||||
| CVE-2014-2507 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods. | ||||