Filtered by vendor Emc
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-4987 | 1 Emc | 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more | 2017-06-29 | 4.4 MEDIUM | 7.3 HIGH |
| In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability. | |||||
| CVE-2017-4980 | 1 Emc | 1 Isilon Onefs | 2017-04-10 | 5.0 MEDIUM | 7.5 HIGH |
| EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1. | |||||
| CVE-2016-9871 | 1 Emc | 1 Isilon Onefs | 2017-03-14 | 9.0 HIGH | 7.2 HIGH |
| EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. | |||||
| CVE-2017-2766 | 1 Emc | 1 Documentum Eroom | 2017-03-09 | 7.5 HIGH | 9.8 CRITICAL |
| EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-6649 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2017-03-08 | 7.2 HIGH | 6.7 MEDIUM |
| EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root. | |||||
| CVE-2016-6648 | 1 Emc | 2 Recoverpoint, Recoverpoint For Virtual Machines | 2017-03-08 | 2.1 LOW | 4.4 MEDIUM |
| EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. | |||||
| CVE-2016-0890 | 1 Emc | 1 Powerpath Virtual Appliance | 2017-03-02 | 6.0 MEDIUM | 6.4 MEDIUM |
| EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-8215 | 1 Emc | 1 Rsa Security Analytics | 2017-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-8214 | 1 Emc | 2 Avamar Data Store, Avamar Virtual Edition | 2017-02-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers. | |||||
| CVE-2016-8213 | 1 Emc | 4 Documentum Administrator, Documentum Capital Projects, Documentum Taskspace and 1 more | 2017-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2016-9870 | 1 Emc | 1 Isilon Onefs | 2017-01-24 | 7.2 HIGH | 6.7 MEDIUM |
| EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system. | |||||
| CVE-2016-0888 | 1 Emc | 1 Documentum D2 | 2017-01-11 | 9.0 HIGH | 8.8 HIGH |
| EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. | |||||
| CVE-2016-0882 | 1 Emc | 1 Documentum Xcp | 2017-01-11 | 5.5 MEDIUM | 5.4 MEDIUM |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2016-0881 | 1 Emc | 1 Documentum Xcp | 2017-01-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository information by appending a query to a REST request. | |||||
| CVE-2016-0914 | 1 Emc | 4 Documentum Administrator, Documentum Capital Projects, Documentum Taskspace and 1 more | 2017-01-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, Documentum Administrator 7.x before 7.2 Patch 13, Documentum Capital Projects 1.9 before Patch 23 and 1.10 before Patch 10, and Documentum TaskSpace 6.7 SP3 allow remote authenticated users to bypass intended access restrictions and execute arbitrary IAPI/IDQL commands via the IAPI/IDQL interface. | |||||
| CVE-2016-0886 | 1 Emc | 1 Documentum Xcp | 2017-01-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. | |||||
| CVE-2016-9869 | 1 Emc | 1 Scaleio | 2017-01-11 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. | |||||
| CVE-2016-9868 | 1 Emc | 1 Scaleio | 2017-01-11 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. | |||||
| CVE-2016-9867 | 1 Emc | 1 Scaleio | 2017-01-11 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | |||||
| CVE-2016-0910 | 1 Emc | 1 Data Domain Os | 2017-01-11 | 4.3 MEDIUM | 8.8 HIGH |
| EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | |||||