Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Emc Subscribe
Total 412 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0891 1 Emc 1 Vipr Srm 2018-10-09 6.8 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
CVE-2015-0516 1 Emc 2 Vipr Srm, Watch4net 2018-10-09 4.0 MEDIUM N/A
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2015-0524 1 Emc 1 Secure Remote Services 2018-10-09 7.5 HIGH N/A
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0514 1 Emc 2 Vipr Srm, Watch4net 2018-10-09 5.0 MEDIUM N/A
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
CVE-2014-4631 1 Emc 1 Rsa Adaptive Authentication On-premise 2018-10-09 5.0 MEDIUM N/A
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication.
CVE-2014-4629 1 Emc 1 Documentum Content Server 2018-10-09 9.0 HIGH N/A
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference.
CVE-2014-2512 1 Emc 1 Documentum Eroom 2018-10-09 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-2506 1 Emc 1 Documentum Content Server 2018-10-09 8.5 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
CVE-2014-2508 1 Emc 1 Documentum Content Server 2018-10-09 7.5 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints.
CVE-2014-2507 1 Emc 1 Documentum Content Server 2018-10-09 8.5 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to unspecified methods.
CVE-2014-2509 1 Emc 1 Smarts Network Configuration Manager 2018-10-09 5.4 MEDIUM N/A
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie.
CVE-2011-2735 1 Emc 1 Autostart 2018-10-09 7.9 HIGH N/A
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.1 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by sending a crafted message over TCP.
CVE-2011-2733 1 Emc 1 Rsa Adaptive Authentication On-premise 2018-10-09 7.5 HIGH N/A
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
CVE-2011-1741 1 Emc 1 Documentum Eroom 2018-10-09 10.0 HIGH N/A
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
CVE-2011-2738 2 Cisco, Emc 6 Ciscoworks Lan Management Solution, Unified Operations Manager, Unified Service Monitor and 3 more 2018-10-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.
CVE-2011-1424 3 Emc, Ibm, Microsoft 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more 2018-10-09 3.5 LOW N/A
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
CVE-2011-1423 1 Emc 1 Data Loss Prevention Enterprise Manager 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1422 1 Emc 1 Rsa Adaptive Authentication On-premise 2018-10-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-1421 1 Emc 1 Networker 2018-10-09 6.9 MEDIUM N/A
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.
CVE-2011-1420 2 Emc, Oracle 2 Data Protection Advisor Collector, Solaris Sparc 2018-10-09 7.2 HIGH N/A
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.