Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Emc
Angry Yack Logo
Total 414 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0930 1 Emc 1 Alphastor 2025-04-11 7.6 HIGH N/A
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.
CVE-2013-6178 1 Emc 1 Rsa Archer Egrc 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2633 1 Emc 4 Disk Library, Disk Library 4100, Disk Library 4200 and 1 more 2025-04-11 7.8 HIGH N/A
Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP.
CVE-2011-4142 1 Emc 1 Sourceone Email Management 2025-04-11 2.1 LOW N/A
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.
CVE-2013-3278 1 Emc 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more 2025-04-11 4.9 MEDIUM N/A
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
CVE-2012-2290 1 Emc 1 Networker Module For Microsoft Applications 2025-04-11 9.3 HIGH N/A
The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
CVE-2012-0398 1 Emc 1 Documentum Eroom 2025-04-11 7.5 HIGH N/A
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
CVE-2013-3275 1 Emc 2 Avamar Server, Avamar Server Virtual Edition 2025-04-11 4.3 MEDIUM N/A
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilities."
CVE-2013-0945 1 Emc 1 Avamar 2025-04-11 9.3 HIGH N/A
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-0928 1 Emc 1 Alphastor 2025-04-11 9.3 HIGH N/A
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
CVE-2013-3286 1 Emc 1 Documentum Eroom 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-3273 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2025-04-11 2.1 LOW N/A
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
CVE-2011-1743 1 Emc 1 Captiva Einput 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3280 1 Emc 1 Rsa Authentication Agent 2025-04-11 7.5 HIGH N/A
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.
CVE-2011-4144 2 Centos, Emc 2 Centos, Documentum Content Server 2025-04-11 6.8 MEDIUM N/A
Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveraging system administrator privileges.
CVE-2013-0935 1 Emc 1 Smarts Network Configuration Manager 2025-04-11 9.3 HIGH N/A
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-0620 1 Emc 1 Homebase Server 2025-04-11 9.3 HIGH N/A
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.
CVE-2014-0626 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2025-04-11 5.0 MEDIUM N/A
The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated.
CVE-2013-3279 1 Emc 1 Atmos 2025-04-11 5.0 MEDIUM N/A
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.
CVE-2013-0937 1 Emc 4 Documentum Records Manager, Documentum Taskspace, Documentum Wdk and 1 more 2025-04-11 5.8 MEDIUM N/A
Session fixation vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-0942 3 Apache, Emc, Microsoft 3 Http Server, Rsa Authentication Agent, Internet Information Server 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6182 1 Emc 1 Replication Manager 2025-04-11 7.2 HIGH N/A
Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory.
CVE-2011-1423 1 Emc 1 Data Loss Prevention Enterprise Manager 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2740 2 Emc, Mozilla 2 Rsa Key Manager Appliance, Firefox 2025-04-11 9.3 HIGH N/A
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
CVE-2012-2282 1 Emc 3 Celerra Network Server, Vnx, Vnxe 2025-04-11 6.5 MEDIUM N/A
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request.
CVE-2013-3281 1 Emc 7 Documentum Administrator, Documentum Capital Projects, Documentum Digital Asset Manager and 4 more 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL.
CVE-2012-4612 1 Emc 2 Rsa Data Protection Manager Appliance, Rsa Data Protection Manager Software Server 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-3271 1 Emc 1 Rsa Authentication Agent 2025-04-11 5.0 MEDIUM N/A
EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote attackers to discover correct login credentials via a brute-force attack.
CVE-2012-4609 1 Emc 1 Rsa Netwitness Informer 2025-04-11 4.3 MEDIUM N/A
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2014-0627 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2025-04-11 5.0 MEDIUM N/A
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
CVE-2013-0934 1 Emc 2 Rsa Archer Egrc, Rsa Archer Smartsuite 2025-04-11 4.0 MEDIUM N/A
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
CVE-2013-3272 1 Emc 1 Replication Manager 2025-04-11 2.1 LOW N/A
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack.
CVE-2012-4615 1 Emc 1 It Operations Intelligence 2025-04-11 2.1 LOW N/A
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2013-0946 1 Emc 1 Alphastor 2025-04-11 9.3 HIGH N/A
Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor 4.0 before build 910 allows remote attackers to execute arbitrary code via crafted commands.
CVE-2011-1422 1 Emc 1 Rsa Adaptive Authentication On-premise 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in an unspecified Shockwave Flash file in EMC RSA Adaptive Authentication On-Premise (AAOP) 2.x, 5.7.x, and 6.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2013-6810 1 Emc 1 Connectrix Manager 2025-04-11 10.0 HIGH N/A
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
CVE-2013-0932 1 Emc 2 Rsa Archer Egrc, Rsa Archer Smartsuite 2025-04-11 4.0 MEDIUM N/A
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors.
CVE-2012-2287 2 Emc, Microsoft 4 Rsa Authentication Agent, Rsa Authentication Client, Windows Server 2003 and 1 more 2025-04-11 8.5 HIGH N/A
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
CVE-2011-2738 2 Cisco, Emc 6 Ciscoworks Lan Management Solution, Unified Operations Manager, Unified Service Monitor and 3 more 2025-04-11 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code v ...

Show More
CVE-2012-2280 2 Emc, Rsa 3 Rsa Authentication Manager, Authentication Manager, Securid Appliance 2025-04-11 5.0 MEDIUM N/A
EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 do not properly use frames, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "Cross frame scripting vulnerability."