8 results (0.003 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

01 Jul 2025 — Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. Dell NetWorker, versiones 19.12.0.1 y anteriores, contiene una vulnerabilidad de selección de algoritmos menos seguros durante la negociación («Degradación del algoritmo»). Un atacante no autenticado con acceso remoto podría explotar ... • https://www.dell.com/support/kbdoc/en-us/000338757/dsa-2025-268-security-update-for-dell-networker-selection-of-less-secure-algorithm-during-negotiation-vulnerability • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

25 Jan 2024 — Networker 19.9 and all prior versions contains a Plain-text Password stored in temporary config file during backup duration in NMDA MySQL Database backups. User has low privilege access to Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account. Networker 19.9 y todas las version... • https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities • CWE-256: Plaintext Storage of a Password CWE-522: Insufficiently Protected Credentials •

CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0

31 May 2023 — Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity. Dell NetWorker... • https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

30 May 2023 — Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. • https://www.dell.com/support/kbdoc/en-us/000210963/dsa-2023-059-dell-networker-security-update-for-a-rabbitmq-vulnerability-related-to-improper-validation-of-hostname-in-rabbitmq-startup-script-which-fails-to-replace-ca-signed-certificates • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •

CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0

05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection A... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-287: Improper Authentication •

CVSS: 9.0EPSS: 2%CPEs: 18EXPL: 0

05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.0EPSS: 3%CPEs: 18EXPL: 0

05 Jan 2018 — An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2... • http://seclists.org/fulldisclosure/2018/Jan/17 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.1EPSS: 1%CPEs: 25EXPL: 0

16 Oct 2017 — An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). The Server service (nsrd) is affected by a buffer overflow vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on vulnerable installations of the software, or cause a denial of service, depending on the target system's platform. Se ha descubierto un problema en EMC NetWorker (versiones anteriores a la 8.2.4.9, todas l... • http://seclists.org/fulldisclosure/2017/Oct/35 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •