CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15548
https://notcve.org/view.php?id=CVE-2017-15548
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso no autenticado puede omitir la autenticación de la aplicación y obtener acceso root no autorizado a los sistemas afectados. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102352 http://www.securitytracker.com/id/1040070 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15549
https://notcve.org/view.php?id=CVE-2017-15549
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could potentially upload arbitrary maliciously crafted files in any location on the server file system. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario remoto malicioso con bajos privilegios podría cargar archivos arbitrarios maliciosamente manipulados en cualquier ubicación del sistema de archivos del servidor. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102363 http://www.securitytracker.com/id/1040070 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2017-15550
https://notcve.org/view.php?id=CVE-2017-15550
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could access arbitrary files on the server file system in the context of the running vulnerable application via Path traversal. Se ha descubierto un problema en EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x y EMC Integrated Data Protection Appliance 2.0. Un usuario autenticado remoto malicioso con bajos privilegios podría acceder a archivos arbitrarios en el sistema de archivos del servidor en el contexto de la aplicación vulnerable en ejecución mediante un salto de directorio. • http://seclists.org/fulldisclosure/2018/Jan/17 http://www.securityfocus.com/bid/102358 http://www.securitytracker.com/id/1040070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 4%CPEs: 18EXPL: 0CVE-2008-6219
https://notcve.org/view.php?id=CVE-2008-6219
nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests. nsrexecd.exe en multiples productos de EMC Networker incluidos EMC NetWorker Server, Storage Node, y Client v7.3.x y v7.4, v7.4.1, v7.4.2, Client y Storage Node para Open VMS v7.3.2 ECO6 y anteriores, Module for Microsoft Exchange v5.1 y anteriores, Module for Microsoft Applications v2.0 y anteriores, Module for Meditech v2.0 y anteriores, y PowerSnap v2.4 SP1 y anteriores no manejan correctamente la localizacion de memoria, lo que permite a atacantes remotos producir una denegacion de servicio (agotamiento de memoria) a traves de multiples peticiones RPC manipuladas • http://secunia.com/advisories/32383 http://www.fortiguardcenter.com/advisory/FGA-2008-23.html http://www.securityfocus.com/archive/1/497645/100/0/threaded http://www.securityfocus.com/archive/1/497666/100/0/threaded http://www.securityfocus.com/bid/31866 http://www.securitytracker.com/id?1021095 http://www.vupen.com/english/advisories/2008/2894 https://exchange.xforce.ibmcloud.com/vulnerabilities/46035 • CWE-399: Resource Management Errors •