Filtered by vendor Emc
Subscribe
Total
414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4638 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | 5.0 MEDIUM | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0519 | 1 Emc | 1 Captiva Capture | 2025-04-12 | 2.1 LOW | N/A |
| The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2014-0640 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | 4.0 MEDIUM | N/A |
| EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors. | |||||
| CVE-2016-0882 | 1 Emc | 1 Documentum Xcp | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2015-6849 | 1 Emc | 1 Networker | 2025-04-12 | 7.8 HIGH | N/A |
| EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | |||||
| CVE-2016-0900 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901. | |||||
| CVE-2016-0893 | 1 Emc | 1 Rsa Data Loss Prevention | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to obtain sensitive information by reading error messages. | |||||
| CVE-2015-0517 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 4.0 MEDIUM | N/A |
| The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file. | |||||
| CVE-2015-6848 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | |||||
| CVE-2015-0548 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 4.0 MEDIUM | N/A |
| The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | |||||
| CVE-2014-2516 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2014-2508 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 7.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints. | |||||
| CVE-2015-4526 | 1 Emc | 1 Recoverpoint For Virtual Machines | 2025-04-12 | 7.2 HIGH | N/A |
| EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. | |||||
| CVE-2014-0645 | 1 Emc | 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more | 2025-04-12 | 4.7 MEDIUM | N/A |
| EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack. | |||||
| CVE-2015-0527 | 1 Emc | 1 Documentum Xcelerated Management System | 2025-04-12 | 2.1 LOW | N/A |
| EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. | |||||
| CVE-2015-4545 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 9.0 HIGH | 8.0 HIGH |
| EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session. | |||||
| CVE-2014-0638 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" issue. | |||||
| CVE-2014-2518 | 1 Emc | 9 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 6 more | 2025-04-12 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-6641 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 3.5 LOW | 7.6 HIGH |
| Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-6642 | 1 Emc | 1 Vipr Srm | 2025-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||||