Filtered by vendor Emc Subscriptions
Total 416 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-0907 1 Emc 2 Isilon Onefs, Isilonsd Edge Onefs 2024-11-21 N/A
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
CVE-2016-0906 1 Emc 1 Avamar 2024-11-21 N/A
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
CVE-2016-0905 1 Emc 1 Avamar Server 2024-11-21 N/A
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
CVE-2016-0904 1 Emc 1 Avamar Server 2024-11-21 N/A
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation.
CVE-2016-0903 1 Emc 1 Avamar Server 2024-11-21 N/A
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
CVE-2016-0902 1 Emc 1 Rsa Authentication Manager 2024-11-21 N/A
CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
CVE-2016-0901 1 Emc 1 Rsa Authentication Manager 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900.
CVE-2016-0900 1 Emc 1 Rsa Authentication Manager 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901.
CVE-2016-0899 1 Emc 1 Rsa Archer Egrc 2024-11-21 N/A
EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated users to read the web.config.bak file, and obtain sensitive credential information, by modifying the IIS configuration to set a Content-Type header for .bak files.
CVE-2016-0895 1 Emc 1 Rsa Data Loss Prevention 2024-11-21 N/A
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity.
CVE-2016-0894 1 Emc 1 Rsa Data Loss Prevention 2024-11-21 N/A
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter.
CVE-2016-0893 1 Emc 1 Rsa Data Loss Prevention 2024-11-21 N/A
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages.
CVE-2016-0892 1 Emc 1 Rsa Data Loss Prevention 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-0891 1 Emc 1 Vipr Srm 2024-11-21 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
CVE-2016-0890 1 Emc 1 Powerpath Virtual Appliance 2024-11-21 N/A
EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system.
CVE-2016-0888 1 Emc 1 Documentum D2 2024-11-21 N/A
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors.
CVE-2016-0886 1 Emc 1 Documentum Xcp 2024-11-21 N/A
EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call.
CVE-2016-0882 1 Emc 1 Documentum Xcp 2024-11-21 N/A
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2016-0881 1 Emc 1 Documentum Xcp 2024-11-21 N/A
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request.
CVE-2015-6852 1 Emc 1 Secure Remote Services 2024-11-21 N/A
Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter.