Filtered by vendor Emc
Subscriptions
Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6846 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | N/A |
| EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. | ||||
| CVE-2015-4524 | 1 Emc | 5 Documentum Administrator, Documentum Digital Asset Manager, Documentum Taskspace and 2 more | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server. | ||||
| CVE-2014-2508 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended restrictions on database actions via vectors involving DQL hints. | ||||
| CVE-2014-0624 | 1 Emc | 1 Rsa Data Loss Prevention | 2025-04-12 | N/A |
| EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors. | ||||
| CVE-2015-4546 | 1 Emc | 2 Rsa Certificate Manager, Rsa Onestep | 2025-04-12 | N/A |
| Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | ||||
| CVE-2015-6847 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | N/A |
| The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2014-2519 | 1 Emc | 1 Recoverpoint Appliance | 2025-04-12 | N/A |
| The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports. | ||||
| CVE-2015-4527 | 1 Emc | 2 Avamar Server, Avamar Server Virtual Edition | 2025-04-12 | N/A |
| Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. | ||||
| CVE-2015-4535 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. | ||||
| CVE-2015-6852 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | N/A |
| Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | ||||
| CVE-2016-0891 | 1 Emc | 1 Vipr Srm | 2025-04-12 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators. | ||||
| CVE-2015-4541 | 1 Emc | 1 Rsa Archer Grc | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4533 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | ||||
| CVE-2015-4537 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive. | ||||
| CVE-2015-4528 | 1 Emc | 1 Documentum Centerstage | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage 1.2SP1 and 1.2SP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4525 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | N/A |
| The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. | ||||
| CVE-2015-4534 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter. | ||||
| CVE-2015-4539 | 1 Emc | 1 Rsa Identity Management And Governance | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-4536 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file. | ||||
| CVE-2014-0633 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | N/A |
| The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | ||||