| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. |
| EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership. |
| EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file. |
| EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file. |
| Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. |
| Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard. |
| EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. |
| The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors. |
| The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. |
| Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow. |
| nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests. |
| Unspecified vulnerability in a guest virtual device driver in VMware Workstation before 5.5.9 build 126128, and 6.5.1 and earlier 6.x versions; VMware Player before 1.0.9 build 126128, and 2.5.1 and earlier 2.x versions; VMware ACE before 1.0.8 build 125922, and 2.5.1 and earlier 2.x versions; VMware Server 1.x before 1.0.8 build 126538 and 2.0.x before 2.0.1 build 156745; VMware Fusion before 2.0.1; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to cause a denial of service (host OS crash) via unknown vectors. |
| Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface. |
| EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." |
| Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests. |
| The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. |
| The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer. |
| rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144. |
| Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwrite arbitrary files via the (1) SetLogFileName and (2) WriteToLog methods. |
