CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6647
https://notcve.org/view.php?id=CVE-2016-6647
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en EMC ViPR SRM en versiones anteriores a 4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2016/Sep/62 http://www.securityfocus.com/bid/93187 http://www.securitytracker.com/id/1036904 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0918
https://notcve.org/view.php?id=CVE-2016-0918
EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x before 6.9.1 P15 and RSA Via Lifecycle and Governance before 7.0.0 P04 allow remote authenticated users to obtain User Detail Popup information via a modified URL. EMC RSA Identity Management and Governance en versiones anteriores a 6.8.1 P25 y 6.9.x en versiones anteriores a 6.9.1 P15 y RSA Via Lifecycle and Governance en versiones anteriores a 7.0.0 P04 permiten a usuarios remotos autenticados obtener información de User Detail Popup a través de una URL modificada. • http://seclists.org/bugtraq/2016/Sep/52 http://www.securityfocus.com/bid/93108 http://www.securitytracker.com/id/1036896 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0925
https://notcve.org/view.php?id=CVE-2016-0925
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en la aplicación Case Management en EMC RSA Adaptive Authentication (On-Premise) en versiones anteriores a 6.0.2.1.SP3.P4 HF210, 7.0.x y 7.1.x en versiones anteriores a 7.1.0.0.SP0.P6 HF50 y 7.2.x en versiones anteriores a 7.2.0.0.SP0.P0 HF20 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://seclists.org/bugtraq/2016/Sep/33 http://www.securityfocus.com/bid/93025 http://www.securitytracker.com/id/1036851 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 13EXPL: 0CVE-2016-0917
https://notcve.org/view.php?id=CVE-2016-0917
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. El servicio SMB en EMC VNXe (VNXe3200 Operating Environment anterior a 3.1.5.8711957 y VNXe3100/3150/3300 Operating Environment anterior a 2.4.4.22638) VNX1 File OE en versiones anteriores a 7.1.80.3, VNX2 File OE en versiones anteriores a 8.1.9.155, y Celerra (en todas las versiones) no previene nonces de desafío-respuesta NTLM duplicados, lo que facilita a atacantes remotos ejecutar código arbitrario, leer o escribir archivos, a través de una serie de peticiones de autenticación, un problema relacionado con CVE-2010-0231. • http://seclists.org/bugtraq/2016/Sep/32 http://www.securityfocus.com/archive/1/539993/30/0/threaded http://www.securityfocus.com/bid/93023 http://www.securitytracker.com/id/1036843 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0905
https://notcve.org/view.php?id=CVE-2016-0905
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 permiten a usuarios locales obtener privilegios de root aprovechando el acceso de administrador e introduciendo un comando sudo. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93032 http://www.securitytracker.com/id/1036844 • CWE-264: Permissions, Privileges, and Access Controls •