Vulnerabilities (CVE)

Filtered by vendor Emc Subscribe
Total 416 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-45103 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges.
CVE-2024-45104 4 Emc, Lenovo, Microsoft and 1 more 4 Vmware, Xclarity Administrator, Windows and 1 more 2024-09-19 N/A 6.5 MEDIUM
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2017-10955 1 Emc 1 Data Protection Advisor 2024-08-05 9.0 HIGH 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. When parsing the preScript parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute arbitrary code under the context of SYSTEM. Was ZDI-CAN-4697. NOTE: Dell EMC disputes that this is a vulnerability
CVE-2024-0454 1 Emc 2 Elan Match-on-chip Fpr Solution, Elan Match-on-chip Fpr Solution Firmware 2024-02-28 N/A 6.1 MEDIUM
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.
CVE-2023-32458 1 Emc 1 Appsync 2024-02-28 N/A 7.8 HIGH
Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.
CVE-2021-25252 7 Apple, Emc, Linux and 4 more 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2020-5339 1 Emc 1 Rsa Authentication Manager 2024-02-28 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.
CVE-2020-5346 1 Emc 1 Rsa Authentication Manager 2024-02-28 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P11 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected page, the injected scripts could potentially be executed in their browser.
CVE-2020-5340 1 Emc 1 Rsa Authentication Manager 2024-02-28 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators attempt to change the default security domain mapping, the injected scripts could potentially be executed in their browser.
CVE-2019-3732 2 Dell, Emc 3 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Rsa Bsafe Crypto-c 2024-02-28 5.0 MEDIUM 7.5 HIGH
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2019-3768 1 Emc 1 Rsa Authentication Manager 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
RSA Authentication Manager versions prior to 8.4 P7 contain an XML Entity Injection Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to cause information disclosure of local system files by supplying specially crafted XML message.
CVE-2019-3733 2 Dell, Emc 2 Bsafe Crypto-c-micro-edition, Rsa Bsafe Crypto-c 2024-02-28 4.0 MEDIUM 4.9 MEDIUM
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
CVE-2019-18574 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2024-02-28 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager software versions prior to 8.4 P8 contain a stored cross-site scripting vulnerability in the Security Console. A malicious Security Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface which could then be included in a report. When other Security Console administrators open the affected report, the injected scripts could potentially be executed in their browser.
CVE-2019-3711 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2024-02-28 4.0 MEDIUM 7.2 HIGH
RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks.
CVE-2018-11049 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2024-02-28 6.9 MEDIUM 7.3 HIGH
RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG releases have an uncontrolled search vulnerability. The installation scripts set an environment variable in an unintended manner. A local authenticated malicious user could trick the root user to run malicious code on the targeted system.
CVE-2018-15771 1 Emc 2 Recoverpoint, Recoverpoint For Virtual Machines 2024-02-28 4.9 MEDIUM 5.5 MEDIUM
Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. A malicious boxmgmt user may potentially be able to determine the existence of any system file via Boxmgmt CLI.
CVE-2018-11071 1 Emc 2 Isilon Onefs, Isilonsd Edge 2024-02-28 5.0 MEDIUM 7.5 HIGH
Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.
CVE-2018-11079 1 Emc 1 Secure Remote Services 2024-02-28 2.1 LOW 7.8 HIGH
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database.
CVE-2018-11074 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application.
CVE-2018-11073 2 Emc, Rsa 2 Rsa Authentication Manager, Authentication Manager 2024-02-28 3.5 LOW 4.8 MEDIUM
RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. A malicious Operations Console administrator could exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other Operations Console administrators open the affected page, the injected scripts could potentially be executed in their browser.