Filtered by vendor Emc
Subscriptions
Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2511 | 1 Emc | 8 Digital Assets Manager, Documentum Administrator, Documentum Capital Projects and 5 more | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter. | ||||
| CVE-2014-2512 | 1 Emc | 1 Documentum Eroom | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-6844 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-2515 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket. | ||||
| CVE-2014-2516 | 1 Emc | 1 Rsa Authentication Manager | 2025-04-12 | N/A |
| Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2014-2517 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to gain privileges via unknown vectors. | ||||
| CVE-2015-0528 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | N/A |
| The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | ||||
| CVE-2015-0514 | 1 Emc | 2 Vipr Srm, Watch4net | 2025-04-12 | N/A |
| EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. | ||||
| CVE-2015-6846 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | N/A |
| EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations. | ||||
| CVE-2015-6845 | 1 Emc | 1 Sourceone Email Supervisor | 2025-04-12 | N/A |
| EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | ||||
| CVE-2014-4629 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference. | ||||
| CVE-2014-4623 | 1 Emc | 1 Avamar | 2025-04-12 | N/A |
| EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | ||||
| CVE-2015-0548 | 1 Emc | 1 Documentum D2 | 2025-04-12 | N/A |
| The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors. | ||||
| CVE-2014-4622 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. | ||||
| CVE-2014-4633 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-4634 | 1 Emc | 2 Appsync, Replication Manager | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | ||||
| CVE-2014-4636 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to hijack the authentication of arbitrary users for requests that perform Docbase operations. | ||||
| CVE-2014-4638 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | N/A |
| EMC Documentum Web Development Kit (WDK) before 6.8 allows remote attackers to conduct frame-injection attacks and obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-0512 | 1 Emc | 1 Unisphere Central | 2025-04-12 | N/A |
| Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | ||||
| CVE-2014-4621 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | ||||