CVE-2016-0905
https://notcve.org/view.php?id=CVE-2016-0905
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 permiten a usuarios locales obtener privilegios de root aprovechando el acceso de administrador e introduciendo un comando sudo. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93032 http://www.securitytracker.com/id/1036844 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0920
https://notcve.org/view.php?id=CVE-2016-0920
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 permiten a usuarios locales obtener acceso de root a través de un parámetro manipulado para un comando que está disponible en la configuración de sudo. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securitytracker.com/id/1036844 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-0921
https://notcve.org/view.php?id=CVE-2016-0921
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 utiliza permisos débiles para directorios no especificados, lo que permite a usuarios locales obtener acceso de root mediante el reemplazo de una secuencia de comandos con un programa con troyano. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93032 http://www.securitytracker.com/id/1036844 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-4527
https://notcve.org/view.php?id=CVE-2015-4527
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters. Vulnerabilidad de salto de directorio en EMC Avamar Server 7.x anterior a 7.1.2 y Avamar Virtual Addition (AVE) 7.x anterior a 7.1.2, permite a atacantes remotos leer archivos arbitrarios por medio de la interfaz de cliente Avamar Desktop/Laptop para enviar parámetros manipulados. • http://seclists.org/bugtraq/2015/Jul/110 http://www.securitytracker.com/id/1033026 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •