Filtered by vendor Emc
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8025 | 1 Emc | 1 Archer Grc Platform | 2025-04-20 | 6.8 MEDIUM | 7.4 HIGH |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary file upload vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to upload malicious files via attachments to arbitrary paths on the web server. | |||||
| CVE-2016-9867 | 1 Emc | 1 Scaleio | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | |||||
| CVE-2016-8215 | 1 Emc | 1 Rsa Security Analytics | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-14380 | 1 Emc | 1 Isilon Onefs | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode. | |||||
| CVE-2016-6649 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. | |||||
| CVE-2016-8214 | 1 Emc | 2 Avamar Data Store, Avamar Virtual Edition | 2025-04-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||||
| CVE-2017-3757 | 1 Emc | 1 Elan Touchpad Driver | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges. | |||||
| CVE-2016-9872 | 1 Emc | 1 Documentum D2 | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-10955 | 1 Emc | 1 Data Protection Advisor | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability | |||||
| CVE-2017-8005 | 2 Emc, Rsa | 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application. | |||||
| CVE-2017-4979 | 1 Emc | 1 Isilon Onefs | 2025-04-20 | 4.6 MEDIUM | 7.1 HIGH |
| EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. | |||||
| CVE-2017-4985 | 1 Emc | 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system. | |||||
| CVE-2017-14373 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-4986 | 1 Emc | 1 Secure Remote Services | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-8020 | 1 Emc | 1 Scaleio | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vulnerability in the SDBG service may potentially allow a remote unauthenticated attacker to execute arbitrary commands with root privileges on an affected server. | |||||
| CVE-2017-2767 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-5001 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in an error message to launch another more focused attack. | |||||
| CVE-2017-8019 | 1 Emc | 1 Scaleio | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in message parsers (MDM, SDS, and LIA) could potentially allow an unauthenticated remote attacker to send specifically crafted packets to stop ScaleIO services and cause a denial of service situation. | |||||
| CVE-2016-9870 | 1 Emc | 1 Isilon Onefs | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. | |||||
| CVE-2017-8022 | 1 Emc | 1 Networker | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. | |||||