Filtered by vendor Emc
Subscribe
Total
412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4539 | 1 Emc | 1 Rsa Identity Management And Governance | 2016-12-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2016-12-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | |||||
| CVE-2015-6843 | 1 Emc | 1 Sourceone Email Supervisor | 2016-12-08 | 5.0 MEDIUM | N/A |
| Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2015-6844 | 1 Emc | 1 Sourceone Email Supervisor | 2016-12-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6845 | 1 Emc | 1 Sourceone Email Supervisor | 2016-12-08 | 7.5 HIGH | N/A |
| EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | |||||
| CVE-2015-6846 | 1 Emc | 1 Sourceone Email Supervisor | 2016-12-07 | 6.8 MEDIUM | N/A |
| EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. | |||||
| CVE-2015-6852 | 1 Emc | 1 Secure Remote Services | 2016-12-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | |||||
| CVE-2015-6850 | 1 Emc | 1 Vplex Geosynchrony | 2016-12-07 | 7.2 HIGH | 8.4 HIGH |
| EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||||
| CVE-2015-6849 | 1 Emc | 1 Networker | 2016-12-07 | 7.8 HIGH | N/A |
| EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | |||||
| CVE-2015-6847 | 1 Emc | 1 Vplex Geosynchrony | 2016-12-07 | 2.1 LOW | N/A |
| The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2014-4636 | 1 Emc | 1 Documentum Wdk | 2016-12-06 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | |||||
| CVE-2014-4637 | 1 Emc | 1 Documentum Wdk | 2016-12-06 | 6.4 MEDIUM | N/A |
| Open redirect vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||||
| CVE-2014-4638 | 1 Emc | 1 Documentum Wdk | 2016-12-06 | 5.0 MEDIUM | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4635 | 1 Emc | 1 Documentum Wdk | 2016-12-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0893 | 1 Emc | 1 Rsa Data Loss Prevention | 2016-11-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | |||||
| CVE-2016-0902 | 1 Emc | 1 Rsa Authentication Manager | 2016-11-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| CRLF injection vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
| CVE-2016-0901 | 1 Emc | 1 Rsa Authentication Manager | 2016-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900. | |||||
| CVE-2016-0895 | 1 Emc | 1 Rsa Data Loss Prevention | 2016-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to conduct clickjacking attacks via web-site elements with crafted transparency or opacity. | |||||
| CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2016-11-30 | 6.5 MEDIUM | 6.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | |||||
| CVE-2016-0900 | 1 Emc | 1 Rsa Authentication Manager | 2016-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | |||||