Filtered by vendor Emc Subscriptions
Total 414 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-6078 1 Emc 2 Rsa Bsafe Toolkits, Rsa Data Protection Manager 2025-04-12 N/A
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change.
CVE-2012-2276 1 Emc 1 Documentum Information Rights Management 2025-04-11 N/A
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
CVE-2013-3273 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2025-04-11 N/A
EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by reading the trace log file.
CVE-2013-3278 1 Emc 4 Geosynchrony, Vplex Geo, Vplex Local and 1 more 2025-04-11 N/A
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file.
CVE-2013-3280 1 Emc 1 Rsa Authentication Agent 2025-04-11 N/A
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash.
CVE-2013-3288 1 Emc 1 Rsa Data Protection Manager Appliance 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-6173 1 Emc 1 Document Sciences Xpression 2025-04-11 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions in (1) xAdmin or (2) xDashboard.
CVE-2013-6175 1 Emc 1 Document Sciences Xpression 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.
CVE-2013-6180 1 Emc 2 Rsa Netwitness Nextgen, Rsa Security Analytics 2025-04-11 N/A
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent.
CVE-2014-0627 2 Dell, Emc 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j 2025-04-11 N/A
The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state.
CVE-2011-0647 1 Emc 2 Networker Module, Replication Manager 2025-04-11 N/A
The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
CVE-2010-0620 1 Emc 1 Homebase Server 2025-04-11 N/A
Directory traversal vulnerability in the SSL Service in EMC HomeBase Server 6.2.x before 6.2.3 and 6.3.x before 6.3.2 allows remote attackers to overwrite arbitrary files with any content, and consequently execute arbitrary code, via a .. (dot dot) in an unspecified parameter.
CVE-2010-1904 1 Emc 1 Rsa Key Manager Client 2025-04-11 N/A
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data.
CVE-2010-1919 1 Emc 1 Avamar 2025-04-11 N/A
Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.
CVE-2010-2633 1 Emc 4 Disk Library, Disk Library 4100, Disk Library 4200 and 1 more 2025-04-11 N/A
Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, 3.3.x before 3.3.2 epatch 8, and 4.0.x before 4.0.1 epatch 4 allows remote attackers to cause a denial of service (communication-module crash) by sending a crafted message through TCP.
CVE-2010-2860 1 Emc 1 Celerra Network Attached Storage 2025-04-11 N/A
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests.
CVE-2011-0442 1 Emc 1 Avamar 2025-04-11 N/A
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
CVE-2011-0648 1 Emc 1 Avamar 2025-04-11 N/A
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.
CVE-2011-1420 2 Emc, Oracle 2 Data Protection Advisor Collector, Solaris Sparc 2025-04-11 N/A
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
CVE-2011-1421 1 Emc 1 Networker 2025-04-11 N/A
EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the client push feature is enabled, uses weak permissions for an unspecified file, which allows local users to gain privileges via unknown vectors.