Search

Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1899 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
CVE-2015-0516 1 Emc 2 Vipr Srm, Watch4net 2025-04-12 N/A
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2015-0517 1 Emc 1 Documentum D2 2025-04-12 N/A
The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticated users to obtain sensitive information by reading a file.
CVE-2015-0518 1 Emc 1 Documentum D2 2025-04-12 N/A
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions.
CVE-2015-0519 1 Emc 1 Captiva Capture 2025-04-12 N/A
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file.
CVE-2015-0521 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
CVE-2015-0522 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
CVE-2015-0523 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2025-04-12 N/A
EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invalid MIME e-mail message with a multipart/* Content-Type header.
CVE-2015-0524 1 Emc 1 Secure Remote Services 2025-04-12 N/A
SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0525 1 Emc 1 Secure Remote Services 2025-04-12 N/A
The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2015-0526 1 Emc 1 Rsa Validation Manager 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.
CVE-2015-0527 1 Emc 1 Documentum Xcelerated Management System 2025-04-12 N/A
EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive information by reading a file.
CVE-2015-0528 1 Emc 1 Isilon Onefs 2025-04-12 N/A
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.
CVE-2015-0529 1 Emc 1 Powerpath Virtual Appliance 2025-04-12 N/A
EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive information via a login session.
CVE-2015-0530 1 Emc 1 Networker 2025-04-12 N/A
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
CVE-2015-0531 1 Emc 1 Sourceone Email Management 2025-04-12 N/A
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2015-0532 1 Emc 1 Rsa Identity Management And Governance 2025-04-12 N/A
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.
CVE-2015-0540 1 Emc 1 Document Sciences Xpression 2025-04-12 N/A
SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0533 1 Dell 2 Bsafe, Bsafe Ssl-c 2025-04-12 7.5 High
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572.
CVE-2015-0534 1 Dell 3 Bsafe, Bsafe Ssl-c, Bsafe Ssl-j 2025-04-12 7.5 High
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.