CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9868
https://notcve.org/view.php?id=CVE-2016-9868
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot. Se descubrió un problema en EMC ScaleIO en versiones anteriores a 2.0.1.1. Un atacante local con pocos privilegios podría provocar una denegación de servicio generando un kernel panic en el controlador SCINI usando llamadas IOCTL las cuales pueden hacer que el servidor ScaleIO Data Client (SDC) no esté disponible hasta el siguiente reinicio. • http://www.securityfocus.com/archive/1/539983/30/0/threaded http://www.securityfocus.com/bid/95301 • CWE-254: 7PK - Security Features •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0909
https://notcve.org/view.php?id=CVE-2016-0909
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users. EMC Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en versiones 7.3 y versiones anteriores contienen una vulnerabilidad que podría exponer a los servidores Avamar a ser potencialmente comprometidos por usuarios maliciosos. • http://www.securityfocus.com/archive/1/539613 http://www.securityfocus.com/bid/93788 http://www.securitytracker.com/id/1037066 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 10EXPL: 0CVE-2016-6645
https://notcve.org/view.php?id=CVE-2016-6645
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. La aplicación web vApp Managers en EMC Unisphere para VMAX Virtual Appliance 8.x en versiones anteriores a 8.3.0 y Solutions Enabler Virtual Appliance 8.x en versiones anteriores a 8.3.0 permite a usuarios remotos autenticados ejecutar código arbitrario a través de entrada manipulada para la clase (1) GeneralCmdRequest, (2) PersistantDataRequest o (3) GetCommandExecRequest. • http://seclists.org/bugtraq/2016/Oct/7 http://www.securityfocus.com/bid/93343 http://www.securitytracker.com/id/1036941 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 5%CPEs: 10EXPL: 0CVE-2016-6646
https://notcve.org/view.php?id=CVE-2016-6646
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. La aplicación web vApp Managers en EMC Unisphere para VMAX Virtual Appliance 8.x en versiones anteriores a 8.3.0 y Solutions Enabler Virtual Appliance 8.x en versiones anteriores a 8.3.0 permite a atacantes remotos ejecutar código arbitrario a través de entrada manipulada para la clase (1) GetSymmCmdRequest o (2) RemoteServiceHandler. • http://seclists.org/bugtraq/2016/Oct/7 http://www.securityfocus.com/bid/93343 http://www.securitytracker.com/id/1036941 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0913
https://notcve.org/view.php?id=CVE-2016-0913
The client in EMC Replication Manager (RM) before 5.5.3.0_01-PatchHotfix, EMC Network Module for Microsoft 3.x, and EMC Networker Module for Microsoft 8.2.x before 8.2.3.6 allows remote RM servers to execute arbitrary commands by placing a crafted script in an SMB share. El cliente en EMC Replication Manager (RM) en versiones anteriores a 5.5.3.0_01-PatchHotfix, EMC Network Module para Microsoft 3.x y EMC Networker Module para Microsoft 8.2.x en versiones anteriores a 8.2.3.6 permite a servidores RM remotos ejecutar comandos arbitrarios colocando una secuencia de comandos manipulada en un recurso compartido SMB. • http://seclists.org/bugtraq/2016/Oct/6 http://www.securityfocus.com/bid/93348 http://www.securitytracker.com/id/1036940 • CWE-20: Improper Input Validation •