Filtered by vendor Emc
Subscriptions
Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6644 | 1 Emc | 1 Documentum D2 | 2024-08-06 | N/A |
| EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | ||||
| CVE-2016-6641 | 1 Emc | 1 Vipr Srm | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-6645 | 2 Dell, Emc | 3 Emc Unisphere, Solutions Enabler, Unisphere | 2024-08-06 | N/A |
| The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. | ||||
| CVE-2016-6642 | 1 Emc | 1 Vipr Srm | 2024-08-06 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | ||||
| CVE-2016-6647 | 1 Emc | 1 Vipr Srm | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-0921 | 1 Emc | 1 Avamar Server | 2024-08-05 | N/A |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. | ||||
| CVE-2016-0918 | 1 Emc | 2 Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2024-08-05 | N/A |
| EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. | ||||
| CVE-2016-0899 | 1 Emc | 1 Rsa Archer Egrc | 2024-08-05 | N/A |
| EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files. | ||||
| CVE-2016-0920 | 1 Emc | 1 Avamar Server | 2024-08-05 | N/A |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | ||||
| CVE-2016-0904 | 1 Emc | 1 Avamar Server | 2024-08-05 | N/A |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. | ||||
| CVE-2016-0905 | 1 Emc | 1 Avamar Server | 2024-08-05 | N/A |
| Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | ||||
| CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2024-08-05 | N/A |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | ||||
| CVE-2016-0916 | 1 Emc | 1 Networker | 2024-08-05 | N/A |
| EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | ||||
| CVE-2016-0900 | 1 Emc | 1 Rsa Authentication Manager | 2024-08-05 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | ||||
| CVE-2016-0908 | 1 Emc | 1 Isilon Onefs | 2024-08-05 | N/A |
| EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | ||||
| CVE-2016-0922 | 1 Emc | 1 Vipr Srm | 2024-08-05 | N/A |
| EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. | ||||
| CVE-2016-0917 | 1 Emc | 13 Vnx1 Oe Firmware, Vnx2 Oe Firmware, Vnx5200 and 10 more | 2024-08-05 | N/A |
| The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | ||||
| CVE-2016-0910 | 1 Emc | 1 Data Domain Os | 2024-08-05 | N/A |
| EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | ||||
| CVE-2016-0893 | 1 Emc | 1 Rsa Data Loss Prevention | 2024-08-05 | N/A |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | ||||
| CVE-2016-0915 | 1 Emc | 1 Authentication Manager Prime | 2024-08-05 | 8.1 High |
| The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability." | ||||