Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Emc
Angry Yack Logo
Total 414 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0648 1 Emc 1 Avamar 2025-04-11 8.5 HIGH N/A
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2013-6173 1 Emc 1 Document Sciences Xpression 2025-04-11 6.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard.
CVE-2013-0944 1 Emc 1 Avamar 2025-04-11 3.5 LOW N/A
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2013-6180 1 Emc 2 Rsa Netwitness Nextgen, Rsa Security Analytics 2025-04-11 6.8 MEDIUM N/A
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
CVE-2012-0409 1 Emc 1 Autostart 2025-04-11 7.5 HIGH N/A
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets.
CVE-2013-0943 1 Emc 1 Networker 2025-04-11 4.6 MEDIUM N/A
EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin.
CVE-2013-2717 1 Emc 1 Smarts Network Configuration Manager 2025-04-11 9.3 HIGH N/A
Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs for open-source server components or other third-party components.
CVE-2012-4607 1 Emc 1 Networker 2025-04-11 9.3 HIGH N/A
Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.
CVE-2012-2515 2 Emc, Ge 7 Captiva Quickscan Pro, Documentum Applicationxtender Desktop, Intelligent Platforms Proficy Batch Execution and 4 more 2025-04-11 9.3 HIGH N/A
Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platfo ...

Show More
CVE-2012-2291 3 Apple, Emc, Hp 4 Mac Os X, Avamar, Avamar Plugin and 1 more 2025-04-11 7.2 HIGH N/A
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
CVE-2012-2279 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 6.4 MEDIUM N/A
Open redirect vulnerability in the Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-2285 1 Emc 2 Cloud Tiering Appliance, Cloud Tiering Appliance Virtual Edition 2025-04-11 6.8 MEDIUM N/A
EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, and Cloud Tiering Appliance Virtual Edition (CTA/VE) 9.0 and earlier, allows remote attackers to obtain GUI administrative access by sending a crafted file during the authentication phase.
CVE-2012-2277 1 Emc 1 Documentum Information Rights Management 2025-04-11 7.8 HIGH N/A
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.
CVE-2013-3277 1 Emc 1 Rsa Archer Egrc 2025-04-11 5.8 MEDIUM N/A
Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2011-1421 1 Emc 1 Networker 2025-04-11 6.9 MEDIUM N/A
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.
CVE-2010-2860 1 Emc 1 Celerra Network Attached Storage 2025-04-11 9.3 HIGH N/A
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests.
CVE-2013-6176 1 Emc 1 Document Sciences Xpression 2025-04-11 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute arbitrary SQL commands via unspecified input to a (1) xAdmin or (2) xDashboard form.
CVE-2012-0407 1 Emc 1 Data Protection Advisor 2025-04-11 5.0 MEDIUM N/A
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
CVE-2012-0396 1 Emc 1 Documentum Xplore 2025-04-11 4.0 MEDIUM N/A
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.
CVE-2012-2276 1 Emc 1 Documentum Information Rights Management 2025-04-11 7.8 HIGH N/A
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
CVE-2013-6177 1 Emc 1 Document Sciences Xpression 2025-04-11 3.5 LOW N/A
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.
CVE-2010-1904 1 Emc 1 Rsa Key Manager Client 2025-04-11 6.8 MEDIUM N/A
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data.
CVE-2011-2733 1 Emc 1 Rsa Adaptive Authentication On-premise 2025-04-11 7.5 HIGH N/A
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information.
CVE-2012-2294 1 Emc 2 Rsa Archer Egrc, Rsa Archer Smartsuite 2025-04-11 6.8 MEDIUM N/A
EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page.
CVE-2009-2754 2 Emc, Ibm 2 Legato Networker, Informix Dynamic Server 2025-04-11 10.0 HIGH N/A
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
CVE-2012-4614 1 Emc 1 It Operations Intelligence 2025-04-11 9.3 HIGH N/A
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.
CVE-2011-1420 2 Emc, Oracle 2 Data Protection Advisor Collector, Solaris Sparc 2025-04-11 7.2 HIGH N/A
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
CVE-2011-1740 1 Emc 1 Avamar 2025-04-11 7.7 HIGH N/A
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
CVE-2014-0625 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2025-04-11 5.0 MEDIUM N/A
The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered.
CVE-2012-2289 1 Emc 2 Applicationxtender Desktop, Applicationxtender Web Access .net 2025-04-11 7.5 HIGH N/A
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
CVE-2012-2288 1 Emc 1 Networker 2025-04-11 9.3 HIGH N/A
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
CVE-2012-0406 1 Emc 1 Data Protection Advisor 2025-04-11 7.8 HIGH N/A
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
CVE-2011-0442 1 Emc 1 Avamar 2025-04-11 3.5 LOW N/A
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-6174 1 Emc 1 Document Sciences Xpression 2025-04-11 5.8 MEDIUM N/A
Multiple open redirect vulnerabilities in xAdmin in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.
CVE-2013-3270 1 Emc 3 Celerra Control Station, Vnx, Vnx Control Station 2025-04-11 6.8 MEDIUM N/A
EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership.
CVE-2013-0938 1 Emc 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4608 1 Emc 1 Rsa Netwitness Informer 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-3276 1 Emc 1 Rsa Archer Egrc 2025-04-11 6.0 MEDIUM N/A
EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account.
CVE-2011-1424 3 Emc, Ibm, Microsoft 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more 2025-04-11 3.5 LOW N/A
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
CVE-2012-2293 1 Emc 2 Rsa Archer Egrc, Rsa Archer Smartsuite 2025-04-11 6.5 MEDIUM N/A
Directory traversal vulnerability in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allows remote authenticated users to upload files, and consequently execute arbitrary code, via a relative path.