Vulnerabilities (CVE)

Filtered by vendor Emc Subscribe
Total 416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-4987 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2024-11-21 4.4 MEDIUM 7.3 HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka an uncontrolled search path vulnerability.
CVE-2017-4986 1 Emc 1 Secure Remote Services 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-4985 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2024-11-21 7.2 HIGH 7.8 HIGH
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be exploited by an attacker to run arbitrary commands as root on the targeted VNX Control Station system.
CVE-2017-4984 1 Emc 4 Vnx1, Vnx1 Firmware, Vnx2 and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an attacker to run arbitrary code with root-level privileges on the targeted VNX Control Station system, aka remote code execution.
CVE-2017-4982 1 Emc 1 Mainframe Enablers Resourcepak Base 2024-11-21 10.0 HIGH 9.8 CRITICAL
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-4980 1 Emc 1 Isilon Onefs 2024-11-21 5.0 MEDIUM 7.5 HIGH
EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
CVE-2017-4979 1 Emc 1 Isilon Onefs 2024-11-21 4.6 MEDIUM 7.1 HIGH
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
CVE-2017-4977 1 Emc 1 Rsa Archer Security Operations Management 2024-11-21 1.9 LOW 7.0 HIGH
EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.
CVE-2017-4976 1 Emc 1 Esrs Policy Manager 2024-11-21 7.5 HIGH 9.8 CRITICAL
EMC ESRS Policy Manager prior to 6.8 contains an undocumented account (OpenDS admin) with a default password. A remote attacker with the knowledge of the default password may login to the system and gain administrator privileges to the local LDAP directory server.
CVE-2017-3757 1 Emc 1 Elan Touchpad Driver 2024-11-21 7.2 HIGH 7.8 HIGH
An unquoted service path vulnerability was identified in the driver for the ElanTech Touchpad, various versions, used on some Lenovo brand notebooks (not ThinkPads). This could allow an attacker with local privileges to execute code with administrative privileges.
CVE-2017-2768 1 Emc 1 Smarts Network Configuration Manager 2024-11-21 10.0 HIGH 9.8 CRITICAL
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-2767 1 Emc 1 Smarts Network Configuration Manager 2024-11-21 10.0 HIGH 9.8 CRITICAL
EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-2766 1 Emc 1 Documentum Eroom 2024-11-21 7.5 HIGH 9.8 CRITICAL
EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-2765 1 Emc 1 Isilon Insightiq 2024-11-21 7.5 HIGH 9.8 CRITICAL
EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system.
CVE-2017-15550 1 Emc 3 Avamar Server, Integrated Data Protection Appliance, Networker 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal.
CVE-2017-15549 1 Emc 3 Avamar Server, Integrated Data Protection Appliance, Networker 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system.
CVE-2017-15548 1 Emc 3 Avamar Server, Integrated Data Protection Appliance, Networker 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems.
CVE-2017-15546 1 Emc 1 Rsa Authentication Manager 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.
CVE-2017-14387 1 Emc 1 Isilon Onefs 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
CVE-2017-14385 1 Emc 2 Data Domain, Data Domain Os 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution.