Fusioncompute
by Huawei
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8158 | Med | 0.42 | 6.5 | 0.00 | Nov 22, 2017 | FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources.… | ||
| CVE-2016-6827 | Med | 0.42 | 6.5 | 0.01 | Sep 26, 2016 | Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||
| CVE-2016-4057 | Med | 0.42 | 6.5 | 0.01 | Jun 30, 2016 | Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | ||
| CVE-2015-8336 | Med | 0.28 | 4.3 | 0.01 | Apr 14, 2016 | Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | ||
| CVE-2020-9236 | 0.00 | — | 0.00 | Dec 27, 2024 | There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability… | |||
| CVE-2020-9222 | 0.00 | — | 0.00 | Dec 27, 2024 | There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This… | |||
| CVE-2021-37102 | 0.00 | — | 0.01 | Nov 23, 2021 | There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user… | |||
| CVE-2021-37036 | 0.00 | — | 0.00 | Nov 23, 2021 | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may… | |||
| CVE-2021-37105 | 0.00 | — | 0.01 | Sep 28, 2021 | There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the… | |||
| CVE-2021-37106 | 0.00 | — | 0.01 | Sep 28, 2021 | There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently… | |||
| CVE-2021-22358 | 0.00 | — | 0.01 | May 27, 2021 | There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. | |||
| CVE-2020-9114 | 0.00 | — | 0.00 | Dec 1, 2020 | FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful… | |||
| CVE-2020-9116 | 0.00 | — | 0.01 | Nov 30, 2020 | Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher… | |||
| CVE-2020-9128 | 0.00 | — | 0.00 | Nov 12, 2020 | FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. | |||
| CVE-2020-9246 | 0.00 | — | 0.01 | Aug 21, 2020 | FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. | |||
| CVE-2020-9233 | 0.00 | — | 0.01 | Aug 17, 2020 | FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal. | |||
| CVE-2020-9242 | 0.00 | — | 0.01 | Aug 17, 2020 | FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. | |||
| CVE-2020-9229 | 0.00 | — | 0.00 | Aug 14, 2020 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | |||
| CVE-2020-9228 | 0.00 | — | 0.01 | Aug 14, 2020 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | |||
| CVE-2020-9078 | 0.00 | — | 0.00 | Aug 10, 2020 | FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. |
- risk 0.42cvss 6.5epss 0.00
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources.…
- risk 0.42cvss 6.5epss 0.01
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
- risk 0.42cvss 6.5epss 0.01
Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.
- risk 0.28cvss 4.3epss 0.01
Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.
- CVE-2020-9236Dec 27, 2024risk 0.00cvss —epss 0.00
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability…
- CVE-2020-9222Dec 27, 2024risk 0.00cvss —epss 0.00
There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This…
- CVE-2021-37102Nov 23, 2021risk 0.00cvss —epss 0.01
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user…
- CVE-2021-37036Nov 23, 2021risk 0.00cvss —epss 0.00
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may…
- CVE-2021-37105Sep 28, 2021risk 0.00cvss —epss 0.01
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the…
- CVE-2021-37106Sep 28, 2021risk 0.00cvss —epss 0.01
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently…
- CVE-2021-22358May 27, 2021risk 0.00cvss —epss 0.01
There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal.
- CVE-2020-9114Dec 1, 2020risk 0.00cvss —epss 0.00
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful…
- CVE-2020-9116Nov 30, 2020risk 0.00cvss —epss 0.01
Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher…
- CVE-2020-9128Nov 12, 2020risk 0.00cvss —epss 0.00
FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.
- CVE-2020-9246Aug 21, 2020risk 0.00cvss —epss 0.01
FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.
- CVE-2020-9233Aug 17, 2020risk 0.00cvss —epss 0.01
FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal.
- CVE-2020-9242Aug 17, 2020risk 0.00cvss —epss 0.01
FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.
- CVE-2020-9229Aug 14, 2020risk 0.00cvss —epss 0.00
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
- CVE-2020-9228Aug 14, 2020risk 0.00cvss —epss 0.01
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
- CVE-2020-9078Aug 10, 2020risk 0.00cvss —epss 0.00
FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.
Page 1 of 2