Filtered by vendor Emc
Subscriptions
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0641 | 1 Emc | 1 Rsa Archer Egrc | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. | ||||
| CVE-2014-0642 | 1 Emc | 1 Documentum Content Server | 2024-08-06 | N/A |
| EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata from certain folders via unspecified vectors. | ||||
| CVE-2014-0637 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-0635 | 1 Emc | 1 Vplex Geosynchrony | 2024-08-06 | N/A |
| Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2014-0622 | 1 Emc | 1 Documentum Foundation Services | 2024-08-06 | N/A |
| The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors. | ||||
| CVE-2014-0627 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2024-08-06 | N/A |
| The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. | ||||
| CVE-2014-0644 | 1 Emc | 2 Cloud Tiering Appliance, Cloud Tiering Appliance Software | 2024-08-06 | N/A |
| EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file. | ||||
| CVE-2014-0639 | 1 Emc | 1 Rsa Archer Egrc | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-0630 | 1 Emc | 1 Documentum Taskspace | 2024-08-06 | N/A |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. | ||||
| CVE-2014-0634 | 1 Emc | 1 Vplex Geosynchrony | 2024-08-06 | N/A |
| EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2014-0632 | 1 Emc | 1 Vplex Geosynchrony | 2024-08-06 | N/A |
| Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-0645 | 1 Emc | 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more | 2024-08-06 | N/A |
| EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. | ||||
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2024-08-06 | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | ||||
| CVE-2014-0638 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue. | ||||
| CVE-2014-0646 | 1 Emc | 1 Rsa Access Manager | 2024-08-06 | N/A |
| The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows local users to discover cleartext passwords by reading log files. | ||||
| CVE-2014-0640 | 1 Emc | 1 Rsa Archer Egrc | 2024-08-06 | N/A |
| EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | ||||
| CVE-2014-0643 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2024-08-06 | N/A |
| EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | ||||
| CVE-2014-0626 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2024-08-06 | N/A |
| The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | ||||
| CVE-2014-0629 | 1 Emc | 1 Documentum Taskspace | 2024-08-06 | N/A |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation. | ||||
| CVE-2014-0625 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2024-08-06 | N/A |
| The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. | ||||