Vulnerabilities > EMC > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-05 | CVE-2016-0913 | Improper Input Validation vulnerability in EMC products The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. | 7.5 |
| 2016-09-21 | CVE-2016-0920 | Command Injection vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. | 7.2 |
| 2016-09-21 | CVE-2016-0917 | Permissions, Privileges, and Access Controls vulnerability in EMC products The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | 7.5 |
| 2016-09-21 | CVE-2016-0905 | Permissions, Privileges, and Access Controls vulnerability in EMC Avamar Server 7.2.0401/7.2.131/7.2.132 Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. | 7.2 |
| 2015-12-28 | CVE-2015-6850 | Permissions, Privileges, and Access Controls vulnerability in EMC Vplex Geosynchrony 5.4/5.5 EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | 7.2 |
| 2015-12-05 | CVE-2015-6849 | Improper Input Validation vulnerability in EMC Networker EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | 7.8 |
| 2015-11-27 | CVE-2015-6848 | Improper Access Control vulnerability in EMC Isilon Onefs EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | 8.5 |
| 2015-10-18 | CVE-2015-6845 | Unspecified vulnerability in EMC Sourceone Email Supervisor EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | 7.5 |
| 2015-10-02 | CVE-2015-4546 | Path Traversal vulnerability in EMC RSA Certificate Manager and RSA Onestep Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter. | 7.8 |
| 2015-09-04 | CVE-2015-4538 | XML External Entity Injection vulnerability in EMC Atmos 2.2.3/2.3.0 The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 7.5 |