| CVE-2014-4636 |
medium |
— |
6.8 |
|
|
emc |
12y ago |
Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perfor… |
| CVE-2014-4635 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum Web Development Kit (WDK) before 6.8 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4634 |
medium |
— |
4.6 |
|
|
emc |
12y ago |
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed … |
| CVE-2014-4626 |
critical |
— |
9.0 |
|
|
emc |
12y ago |
EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job obje… |
| CVE-2014-4633 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-4628 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-2516 |
medium |
— |
5.8 |
|
|
emc |
12y ago |
Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vect… |
| CVE-2014-4631 |
medium |
— |
5.0 |
|
|
emc |
12y ago |
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phon… |
| CVE-2014-4629 |
critical |
— |
9.0 |
|
|
emc |
12y ago |
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct… |
| CVE-2014-4623 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, wh… |
| CVE-2014-4619 |
critical |
— |
9.3 |
|
|
emc |
12y ago |
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers… |
| CVE-2014-2521 |
medium |
— |
6.3 |
|
|
emc |
12y ago |
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command. |
| CVE-2014-2520 |
medium |
— |
6.3 |
|
|
emc |
12y ago |
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL inj… |
| CVE-2014-2518 |
medium |
— |
6.8 |
|
|
emc |
12y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-2517 |
medium |
— |
6.5 |
|
|
emc |
12y ago |
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. |
| CVE-2014-2511 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) starta… |
| CVE-2014-2505 |
medium |
— |
5.4 |
|
|
emc |
12y ago |
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors. |
| CVE-2014-0641 |
medium |
— |
6.8 |
|
|
emc |
12y ago |
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2014-0640 |
medium |
— |
4.0 |
|
|
emc |
12y ago |
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. |
| CVE-2014-2510 |
medium |
— |
6.8 |
|
|
emc |
12y ago |
The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 before P39, 6.7 SP1 before P28, and 6.7 SP2 before P15, as used in My Documentum for Desktop, My Documentum for Microsoft Outlook, … |
| CVE-2014-2509 |
medium |
— |
5.4 |
|
|
emc |
12y ago |
Session fixation vulnerability in the Report Advisor (RA) component in EMC Network Configuration Manager (NCM) before 9.3 allows remote attackers to hijack web sessions via a session cookie. |
| CVE-2013-6078 |
medium |
— |
5.8 |
|
|
emc |
12y ago |
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak… |
| CVE-2014-2502 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA Adaptive Authentication (Hosted) 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-2504 |
critical |
— |
9.0 |
|
|
emc |
12y ago |
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… |
| CVE-2014-0639 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-0646 |
medium |
— |
6.9 |
|
|
emc |
12y ago |
The runtime WS component in the server in EMC RSA Access Manager 6.1.3 before 6.1.3.39, 6.1.4 before 6.1.4.22, 6.2.0 before 6.2.0.11, and 6.2.1 before 6.2.1.03, when INFO logging is enabled, allows l… |
| CVE-2014-0645 |
medium |
— |
4.7 |
|
|
emc |
12y ago |
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-depen… |
| CVE-2014-0642 |
medium |
— |
5.5 |
|
|
emc |
12y ago |
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… |
| CVE-2014-0638 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving… |
| CVE-2014-0637 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to … |
| CVE-2014-0634 |
medium |
— |
6.0 |
|
|
emc |
12y ago |
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen… |
| CVE-2014-0632 |
critical |
— |
9.0 |
|
|
emc |
12y ago |
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors. |
| CVE-2014-0623 |
medium |
— |
4.3 |
|
|
emc |
12y ago |
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecifie… |
| CVE-2014-2276 |
medium |
— |
5.0 |
|
|
emc |
12y ago |
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remo… |
| CVE-2014-0630 |
medium |
— |
4.0 |
|
|
emc |
12y ago |
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. |
| CVE-2014-0627 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a… |
| CVE-2014-0626 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering a… |
| CVE-2014-0625 |
medium |
— |
5.0 |
|
|
dellemc |
13y ago |
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) … |
| CVE-2014-0622 |
critical |
— |
9.0 |
|
|
emc |
13y ago |
The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, w… |
| CVE-2013-6178 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-6810 |
critical |
— |
10.0 |
EXP |
|
emc |
13y ago |
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote a… |
| CVE-2013-6180 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended… |
| CVE-2013-6176 |
medium |
— |
6.5 |
|
|
emc |
13y ago |
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publ… |
| CVE-2013-6175 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise… |
| CVE-2013-6174 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Ed… |
| CVE-2013-6173 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Ent… |
| CVE-2013-3286 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2013-3281 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7… |
| CVE-2013-3279 |
medium |
— |
5.0 |
|
|
emc |
13y ago |
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection. |
| CVE-2013-3278 |
medium |
— |
4.9 |
|
|
emc |
13y ago |
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configur… |
| CVE-2013-3277 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2013-3276 |
medium |
— |
6.0 |
|
|
emc |
13y ago |
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. |
| CVE-2013-3271 |
medium |
— |
5.0 |
|
|
emc |
13y ago |
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it… |
| CVE-2013-0943 |
medium |
— |
4.6 |
|
|
emc |
13y ago |
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. |
| CVE-2013-3275 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obt… |
| CVE-2013-3274 |
critical |
— |
9.0 |
|
|
emc |
13y ago |
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authen… |
| CVE-2013-0942 |
medium |
— |
4.3 |
|
|
emcmicrosoftapache |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers t… |
| CVE-2013-3270 |
medium |
— |
6.8 |
|
|
emc |
13y ago |
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leve… |
| CVE-2013-0946 |
critical |
— |
10.0 |
EXP |
|
emc |
13y ago |
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands. |
| CVE-2013-0939 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive info… |
| CVE-2013-0938 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 all… |
| CVE-2013-0937 |
medium |
— |
5.8 |
|
|
emc |
13y ago |
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote… |
| CVE-2013-0934 |
medium |
— |
4.0 |
|
|
emc |
13y ago |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. |
| CVE-2013-0933 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via un… |
| CVE-2013-0932 |
medium |
— |
4.0 |
|
|
emc |
13y ago |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. |
| CVE-2013-0945 |
critical |
— |
9.3 |
|
|
emc |
13y ago |
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man… |
| CVE-2013-2717 |
critical |
— |
9.3 |
|
|
emc |
13y ago |
Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different … |
| CVE-2013-0936 |
medium |
— |
4.3 |
|
|
emc |
13y ago |
Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smar… |
| CVE-2013-0935 |
critical |
— |
9.3 |
|
|
emc |
13y ago |
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vector… |
| CVE-2012-2294 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page. |
| CVE-2012-2293 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary… |
| CVE-2012-1064 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via u… |
| CVE-2013-0928 |
critical |
— |
10.0 |
EXP |
|
emc |
14y ago |
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. |
| CVE-2012-4607 |
critical |
— |
9.3 |
|
|
emc |
14y ago |
Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. |
| CVE-2012-4616 |
medium |
— |
5.0 |
|
|
emc |
14y ago |
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif… |
| CVE-2012-4609 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
| CVE-2012-4608 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2012-4614 |
critical |
— |
9.3 |
|
|
emc |
14y ago |
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact… |
| CVE-2012-4611 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vecto… |
| CVE-2012-4612 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2012-2290 |
critical |
— |
9.3 |
|
|
emc |
14y ago |
The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted messag… |
| CVE-2012-2288 |
critical |
— |
10.0 |
EXP |
|
emc |
14y ago |
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specif… |
| CVE-2012-2285 |
medium |
— |
6.8 |
|
|
emc |
14y ago |
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access … |
| CVE-2012-2282 |
medium |
— |
6.5 |
|
|
emc |
14y ago |
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement N… |
| CVE-2012-2280 |
medium |
— |
5.0 |
|
|
emcrsa |
14y ago |
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via uns… |
| CVE-2012-2279 |
medium |
— |
6.4 |
|
|
emcrsa |
14y ago |
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbi… |
| CVE-2012-2278 |
medium |
— |
4.3 |
|
|
emcrsa |
14y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before … |
| CVE-2012-2515 |
critical |
— |
10.0 |
EXP |
|
emcge |
14y ago |
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXt… |
| CVE-2012-0407 |
medium |
— |
6.0 |
EXP |
|
emc |
14y ago |
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value… |
| CVE-2012-0404 |
medium |
— |
4.3 |
|
|
emc |
14y ago |
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-0396 |
medium |
— |
4.0 |
|
|
emc |
15y ago |
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or… |
| CVE-2011-4144 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi… |
| CVE-2012-0395 |
critical |
— |
9.3 |
|
|
emc |
15y ago |
Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute ar… |
| CVE-2011-2742 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile a… |
| CVE-2011-2741 |
medium |
— |
6.8 |
|
|
emc |
15y ago |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow … |
| CVE-2011-2738 |
critical |
— |
10.0 |
|
|
ciscoemc |
15y ago |
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and m… |
| CVE-2011-1744 |
medium |
— |
5.8 |
|
|
emc |
15y ago |
EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted w… |
| CVE-2011-1743 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-1741 |
critical |
— |
10.0 |
|
|
emc |
15y ago |
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote a… |
| CVE-2011-1423 |
medium |
— |
4.3 |
|
|
emc |
15y ago |
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
