Vulnerabilities > EMC > High

DATE CVE VULNERABILITY TITLE RISK
2013-01-21 CVE-2013-0929 Use of Externally-Controlled Format String vulnerability in EMC AlphaStor 4.0
Format string vulnerability in the _vsnsprintf function in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary code via format string specifiers in a command.
network
high complexity
emc CWE-134
7.6
2013-01-21 CVE-2012-2291 Permissions, Privileges, and Access Controls vulnerability in EMC Avamar and Avamar Plugin
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, use world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
local
low complexity
emc apple hp CWE-264
7.2
2012-09-25 CVE-2012-2287 Improper Authentication vulnerability in EMC products
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
8.5
2012-08-26 CVE-2012-2289 Permissions, Privileges, and Access Controls vulnerability in EMC products
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
network
low complexity
emc CWE-264
7.5
2012-06-01 CVE-2012-0409 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in EMC AutoStart
Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets.
network
low complexity
emc CWE-119
7.5
2012-05-14 CVE-2012-2277 Buffer Errors vulnerability in EMC Documentum Information Rights Management 4/5
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.
network
low complexity
emc CWE-119
7.8
2012-05-14 CVE-2012-2276 Buffer Errors vulnerability in EMC Documentum Information Rights Management 4/5
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via input data that (1) lacks FIPS fields or (2) has an invalid version number.
network
low complexity
emc CWE-119
7.8
2012-04-20 CVE-2012-0406 Permissions, Privileges, and Access Controls vulnerability in EMC Data Protection Advisor
The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
network
low complexity
emc CWE-264
7.8
2012-03-15 CVE-2012-0398 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum eRoom
EMC Documentum eRoom before 7.4.4 does not properly validate session cookies, which allows remote attackers to hijack or replay sessions via unspecified vectors.
network
low complexity
emc CWE-264
7.5
2011-11-09 CVE-2011-2739 Permissions, Privileges, and Access Controls vulnerability in EMC Documentum eRoom
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
network
emc CWE-264
8.5