Filtered by vendor Emc
Subscribe
Total
412 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0648 | 1 Emc | 1 Avamar | 2018-10-09 | 8.5 HIGH | N/A |
| Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2011-0647 | 1 Emc | 2 Networker Module, Replication Manager | 2018-10-09 | 10.0 HIGH | N/A |
| The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542. | |||||
| CVE-2011-0442 | 1 Emc | 1 Avamar | 2018-10-09 | 3.5 LOW | N/A |
| The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2018-1206 | 1 Emc | 1 Data Protection Advisor | 2018-04-13 | 7.2 HIGH | 7.8 HIGH |
| Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where DPA Datastore Service is installed and knowledge of the password may potentially gain unauthorized access to the database. Note: The Datastore Service database cannot be accessed remotely using this account. | |||||
| CVE-2017-8013 | 1 Emc | 1 Data Protection Advisor | 2018-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password could potentially use these accounts via REST APIs to gain unauthorized access to EMC Data Protection Advisor (including potentially access with administrative privileges). | |||||
| CVE-2018-1220 | 1 Emc | 1 Rsa Archer | 2018-03-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. | |||||
| CVE-2017-15546 | 1 Emc | 1 Rsa Authentication Manager | 2018-02-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database. | |||||
| CVE-2017-15548 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2018-01-18 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. | |||||
| CVE-2017-15549 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2018-01-18 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. | |||||
| CVE-2017-15550 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2018-01-18 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. | |||||
| CVE-2017-14385 | 1 Emc | 2 Data Domain, Data Domain Os | 2018-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution. | |||||
| CVE-2014-0622 | 1 Emc | 1 Documentum Foundation Services | 2018-01-02 | 9.0 HIGH | N/A |
| The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors. | |||||
| CVE-2017-14379 | 1 Emc | 1 Rsa Authentication Manager | 2017-12-20 | 3.5 LOW | 5.4 MEDIUM |
| EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2001-0910 | 1 Emc | 1 Networker | 2017-12-18 | 7.5 HIGH | N/A |
| Legato Networker before 6.1 allows remote attackers to bypass access restrictions and gain privileges on the Networker interface by spoofing the admin server name and IP address and connecting to Networker from an IP address whose hostname can not be determined by a DNS reverse lookup. | |||||
| CVE-2017-8019 | 1 Emc | 1 Scaleio | 2017-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. | |||||
| CVE-2017-8020 | 1 Emc | 1 Scaleio | 2017-12-15 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server. | |||||
| CVE-2017-14376 | 1 Emc | 1 Appsync | 2017-11-22 | 7.2 HIGH | 7.8 HIGH |
| EMC AppSync Server prior to 3.5.0.1 contains database accounts with hardcoded passwords that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-14373 | 1 Emc | 1 Rsa Authentication Manager | 2017-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-8022 | 1 Emc | 1 Networker | 2017-11-14 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. | |||||
| CVE-2017-8024 | 1 Emc | 1 Isilon Onefs | 2017-11-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||