IDCVSSSummaryLast (major) updatePublished
CVE-2017-15550 9.0
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could
05-01-2018 - 12:29 05-01-2018 - 12:29
CVE-2017-15549 9.0
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote authenticated malicious user with low privileges could
05-01-2018 - 12:29 05-01-2018 - 12:29
CVE-2017-15548 10.0
An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass
05-01-2018 - 12:29 05-01-2018 - 12:29
CVE-2017-4990 7.5
In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the
21-06-2017 - 16:29 21-06-2017 - 16:29
CVE-2017-4989 7.5
In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by
21-06-2017 - 16:29 21-06-2017 - 16:29
CVE-2016-0909 7.2
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3 and older contain a vulnerability that may expose the Avamar servers to potentially be compromised by malicious users.
19-02-2017 - 01:16 15-11-2016 - 14:30
CVE-2016-8214 4.6
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.
10-02-2017 - 21:59 25-01-2017 - 06:59
CVE-2016-0921 6.9
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
28-11-2016 - 14:56 20-09-2016 - 22:59
CVE-2016-0905 7.2
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
28-11-2016 - 14:55 20-09-2016 - 22:59
CVE-2016-0904 5.0
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use the same encryption key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms and obta
28-11-2016 - 14:55 20-09-2016 - 22:59
CVE-2016-0903 6.4
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data via a modified client agent.
28-11-2016 - 14:55 20-09-2016 - 22:59
CVE-2016-0920 7.2
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.
22-09-2016 - 13:40 20-09-2016 - 22:59
CVE-2016-0906 6.5
The web-restore interface in Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar through 7.1.2 and 7.2.x through 7.2.1 allows remote authenticated users to read or delete directories via a Linux backup-restore operation.
08-07-2016 - 08:41 06-07-2016 - 10:59
CVE-2014-4623 4.3
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers
03-12-2015 - 13:01 25-10-2014 - 06:55
CVE-2015-4527 7.8
Directory traversal vulnerability in EMC Avamar Server 7.x before 7.1.2 and Avamar Virtual Addition (AVE) 7.x before 7.1.2 allows remote attackers to read arbitrary files by using the Avamar Desktop/Laptop client interface to send crafted parameters.
21-08-2015 - 12:20 23-07-2015 - 10:59
CVE-2010-1919 7.1
Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.
05-05-2014 - 00:43 28-05-2010 - 14:30
CVE-2013-3275 4.3
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, r
29-07-2013 - 00:00 19-07-2013 - 10:36
CVE-2013-3274 9.0
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspeci
29-07-2013 - 00:00 19-07-2013 - 10:36
CVE-2012-4610 3.3
EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to the proxy client.
04-06-2013 - 23:38 31-10-2012 - 06:50
CVE-2013-0945 9.3
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a
03-05-2013 - 12:54 03-05-2013 - 07:57
CVE-2013-0944 3.5
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
03-05-2013 - 00:00 03-05-2013 - 07:57
CVE-2012-2291 7.2
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
22-01-2013 - 00:00 21-01-2013 - 16:55
CVE-2011-0648 8.5
Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote authenticated users to gain privileges via unknown vectors.
21-09-2011 - 23:28 16-03-2011 - 18:55
CVE-2011-0442 3.5
The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to transmit event details in (1) service requests and (2) e-mail messages, which might allow remote attackers to obtain sensitive information by sniffing the network.
21-09-2011 - 23:28 16-03-2011 - 18:55
CVE-2011-1740 7.7
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.
20-09-2011 - 00:00 19-09-2011 - 08:02
Back to Top Mark selected
Back to Top