CVE-2017-15549
https://notcve.org/view.php?id=CVE-2017-15549
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podría cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicación del sistema de archivos del servidor. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102363 http://www.securitytracker.com/id/1040070 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2017-15548
https://notcve.org/view.php?id=CVE-2017-15548
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso no autenticado puede omitir la autenticación de la aplicación y obtener acceso root no autorizado a los sistemas afectados. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102352 http://www.securitytracker.com/id/1040070 • CWE-287: Improper Authentication •
CVE-2017-8022
https://notcve.org/view.php?id=CVE-2017-8022
An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. Se ha descubierto un problema en EMC NetWorker (versiones anteriores a la 8.2.4.9, todas las versiones 9.0.x con soporte, las anteriores a la 9.1.1.3 y las anteriores a la 9.2.0.4). El servicio Server (nsrd) se ha visto afectado por una vulnerabilidad de desbordamiento de búfer. • http://seclists.org/fulldisclosure/2017/Oct/35 http://www.securitytracker.com/id/1039583 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-0916
https://notcve.org/view.php?id=CVE-2016-0916
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. EMC NetWorker 8.2.1.x y 8.2.2.x en versiones anteriores a 8.2.2.6 y 9.x en versiones anteriores a 9.0.0.6 no maneja adecuadamente la autenticación, lo que permite a atacantes remotos ejecutar comandos arbitrarios aprovechando el acceso a una instancia de NetWorker diferente. • http://seclists.org/bugtraq/2016/Jun/43 http://www.securitytracker.com/id/1036075 • CWE-287: Improper Authentication •
CVE-2015-6849
https://notcve.org/view.php?id=CVE-2015-6849
EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. EMC NetWorker en versiones anteriores a 8.0.4.5, 8.1.x en versiones anteriores a 8.1.3.6, 8.2.x en versiones anteriores a 8.2.2.2 y 9.0 en versiones anteriores a build 407 permite a atacantes remotos causar una denegación de servicio (interrupción de proceso) a través de mensajes de autenticación RPC mal formados. • http://seclists.org/bugtraq/2015/Dec/18 http://www.securitytracker.com/id/1034287 • CWE-20: Improper Input Validation •