CVE-2016-0920
https://notcve.org/view.php?id=CVE-2016-0920
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 permiten a usuarios locales obtener acceso de root a través de un parámetro manipulado para un comando que está disponible en la configuración de sudo. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securitytracker.com/id/1036844 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2016-0903
https://notcve.org/view.php?id=CVE-2016-0903
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 confía en la autenticación del lado del cliente, lo que permite a atacantes remotos suplantar a clientes y leer datos de recuperación a través de un agente de cliente modificado. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93026 http://www.securitytracker.com/id/1036844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0921
https://notcve.org/view.php?id=CVE-2016-0921
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 utiliza permisos débiles para directorios no especificados, lo que permite a usuarios locales obtener acceso de root mediante el reemplazo de una secuencia de comandos con un programa con troyano. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93032 http://www.securitytracker.com/id/1036844 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0904
https://notcve.org/view.php?id=CVE-2016-0904
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive client-server traffic information by leveraging knowledge of this key from another installation. Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) en EMC Avamar Server en versiones anteriores a 7.3.0-233 utilizan la misma clave de cifrado a través de instalaciones de clientes diferentes, lo que permite a atacantes remotos vencer mecanismos de protección criptográfico y obtener información sensible del tráfico cliente-servidor aprovechando el conocimiento de esta clave para otra instalación. • http://seclists.org/bugtraq/2016/Sep/31 http://www.securityfocus.com/bid/93026 http://www.securitytracker.com/id/1036844 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVE-2016-6644
https://notcve.org/view.php?id=CVE-2016-6644
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. EMC Documentum D2 4.5 en versiones anteriores a patch 15 y 4.6 en versiones anteriores a patch 03 permite a atacantes remotos leer documentos Docbase arbitrarios aprovechando el conocimiento de un valor r_object_id. • http://seclists.org/bugtraq/2016/Sep/18 http://www.securityfocus.com/bid/92906 http://www.securitytracker.com/id/1036796 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •