| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-3729 |
120 |
|
Overflow |
2019-09-30 |
2019-10-09 |
2.7 |
None |
Local Network |
Low |
Single system |
None |
None |
Partial |
|
RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. |
|
2 |
CVE-2018-11079 |
522 |
|
|
2018-10-18 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database. |
|
3 |
CVE-2018-11068 |
459 |
|
|
2018-09-11 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. |
|
4 |
CVE-2018-11055 |
404 |
|
|
2018-08-31 |
2019-07-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. |
|
5 |
CVE-2017-8001 |
532 |
|
|
2017-11-28 |
2019-10-02 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. |
|
6 |
CVE-2016-9869 |
275 |
|
|
2017-01-06 |
2017-01-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorrect permissions on the SCINI driver may allow a low-privileged local attacker to modify the configuration and render the ScaleIO Data Client (SDC) server unavailable. |
|
7 |
CVE-2016-9868 |
254 |
|
|
2017-01-06 |
2017-01-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. |
|
8 |
CVE-2016-6650 |
200 |
|
+Info |
2017-03-21 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual Machines versions prior to 5.0 have an SSL Stripping Vulnerability that may potentially be exploited by malicious users to compromise the affected system. |
|
9 |
CVE-2016-6648 |
275 |
|
|
2017-02-03 |
2017-03-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system. |
|
10 |
CVE-2016-0923 |
327 |
|
|
2016-09-17 |
2017-07-29 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. |
|
11 |
CVE-2016-0887 |
200 |
|
+Info |
2016-04-12 |
2019-08-27 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. |
|
12 |
CVE-2015-6847 |
200 |
|
+Info |
2015-11-18 |
2016-12-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file. |
|
13 |
CVE-2015-0536 |
189 |
|
DoS |
2015-08-20 |
2016-11-28 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787. |
|
14 |
CVE-2015-0527 |
200 |
|
+Info |
2015-03-23 |
2015-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file. |
|
15 |
CVE-2015-0519 |
200 |
|
+Info |
2015-02-14 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file. |
|
16 |
CVE-2014-4620 |
200 |
|
+Info |
2014-10-25 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files. |
|
17 |
CVE-2014-0624 |
|
|
+Priv Bypass |
2014-03-06 |
2014-03-07 |
2.7 |
None |
Local Network |
Low |
Single system |
Partial |
None |
None |
|
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions via unspecified vectors. |
|
18 |
CVE-2013-6181 |
310 |
|
+Info |
2013-12-27 |
2014-01-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. |
|
19 |
CVE-2013-3272 |
255 |
|
+Info |
2013-07-08 |
2013-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Replication Manager (RM) before 5.4.4 places encoded passwords in application log files, which makes it easier for local users to obtain sensitive information by reading a file and conducting an unspecified decoding attack. |
|
20 |
CVE-2012-4615 |
310 |
1
|
+Info |
2012-11-27 |
2013-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors. |
|
21 |
CVE-2012-2286 |
|
|
+Info |
2012-10-10 |
2013-02-12 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. |
|
22 |
CVE-2012-2284 |
255 |
|
|
2012-10-18 |
2013-04-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. |
|
23 |
CVE-2011-4142 |
255 |
|
+Info |
2012-01-19 |
2012-01-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. |
|
24 |
CVE-2011-1742 |
310 |
|
+Info |
2011-08-01 |
2018-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file. |
|
25 |
CVE-2007-5024 |
310 |
|
+Info |
2007-09-21 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
EMC VMware Server before 1.0.4 Build 56528 writes passwords in cleartext to unspecified log files, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2005-3620. |
