Vulnerabilities > EMC

DATE CVE VULNERABILITY TITLE RISK
2013-01-21 CVE-2012-2291 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar and Avamar Plugin
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
local
low complexity
emc apple hp CWE-264
7.2
2013-01-17 CVE-2012-4607 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC NetWorker
Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.
network
emc CWE-119
critical
9.3
2012-12-26 CVE-2012-4616 Path Traversal vulnerability in EMC Data Protection Advisor 5.6/5.7/5.8
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
emc CWE-22
5.0
2012-12-05 CVE-2012-4609 Improper Input Validation vulnerability in EMC RSA NetWitness Informer
The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
network
emc CWE-20
4.3
2012-12-05 CVE-2012-4608 Cross-Site Request Forgery (CSRF) vulnerability in EMC RSA NetWitness Informer
Cross-site request forgery (CSRF) vulnerability in the web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to hijack the authentication of arbitrary users.
network
emc CWE-352
6.8
2012-11-27 CVE-2012-4615 Cryptographic Issues vulnerability in EMC IT Operations Intelligence 9.0
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.
local
low complexity
emc CWE-310
2.1
2012-11-27 CVE-2012-4614 Improper Authentication vulnerability in EMC IT Operations Intelligence 9.0
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.
network
emc CWE-287
critical
9.3
2012-11-27 CVE-2012-4611 Cross-Site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3
2012-11-16 CVE-2012-4613 Improper Authentication vulnerability in EMC RSA Data Protection Manager Appliance
EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.
local
emc CWE-287
6.9
2012-11-16 CVE-2012-4612 Cross-Site Scripting vulnerability in EMC products
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
emc CWE-79
4.3