172 matches found
CVE-2017-8197
FusionSphere V100R006C00SPC102NFV has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands...
CVE-2017-8190
CVE-2017-8190 is reported for FusionSphere OpenStack (V100R006C00SPC102 NFV) with an improper verification of cryptographic signatures. The underlying issue is that the software does not verify the cryptographic signature, enabling a high-privilege attacker to inject malicious software. The NVD e...
CVE-2017-8134
The CVE-2017-8134 entry concerns Huawei FusionSphere OpenStack (software versions V100R006C00 and V100R006C10) with four TCP listening ports vulnerable to command injection caused by insufficient input validation. The vulnerability allows an unauthenticated attacker to execute malicious commands ...
CVE-2017-2714
The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service DoS condition in the affected system...
CVE-2017-8192
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation...
CVE-2017-2718
CVE-2017-2718 affects Huawei FusionSphere/OpenStack deployments (V100R006C00, V100R006C10RC2). The defect is two command injection vulnerabilities caused by insufficient input validation on a single port, enabling an attacker to obtain root privileges by sending specially crafted messages. Public...
CVE-2017-8196
FusionSphere V100R006C00SPC102NFV has an incorrect authorization vulnerability. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable...
CVE-2017-8131
The CVE-2017-8131 entry applies to FusionSphere OpenStack (software versions V100R006C00/V100R006C10). It describes a command injection vulnerability caused by insufficient input validation on four TCP listening ports, allowing an unauthenticated attacker to execute commands and gain root privile...
CVE-2017-2719
CVE-2017-2719 concerns Huawei FusionSphere/OpenStack components (V100R006C00 and V100R006C10RC2). The issue is two command-injection vulnerabilities caused by insufficient input validation on a TCP/one port, allowing an attacker to execute malicious commands and potentially gain root privileges b...
CVE-2017-8198
FusionSphere V100R006C00SPC102(NFV) is affected by an SQL injection due to insufficient input validation in an interface message handler. An authenticated, remote attacker could craft messages carrying malicious SQL and send them to a target device, potentially executing arbitrary SQL commands wi...
CVE-2017-8189
CVE-2017-8189 is a path traversal vulnerability in Huawei FusionSphere OpenStack, affecting FusionSphere OpenStack V100R006C00SPC102 (NFV). Root cause: insufficient path validation. A high-privilege attacker could traverse paths and overwrite/cover files, leading to service disruption (as per Hua...
CVE-2017-8189
FusionSphere OpenStack V100R006C00SPC102NFVhas a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal...
CVE-2017-8135
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...
CVE-2017-8191
FusionSphere OpenStack V100R006C00SPC102NFVhas a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...
CVE-2017-8197
The CVE-2017-8197 issue affects Huawei FusionSphere V100R006C00SPC102 (NFV). Affected component: command injection vulnerability in FusionSphere due to insufficient input validation, exploitable by an authenticated, remote attacker sending packets containing malicious strings to the device. Succe...
CVE-2017-8193
The FusionSphere OpenStack V100R006C00SPC102NFV has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands...
CVE-2017-8195
The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...
CVE-2017-8190
FusionSphere OpenStack V100R006C00SPC102NFVhas an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software...
CVE-2017-8134
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...
CVE-2017-2714
CVE-2017-2714 affects GaussDB in Huawei FusionSphere OpenStack (V100R005C10SPC705 and earlier). The flaw is a buffer overflow caused by lack of input validation, enabling an authenticated LAN attacker to execute arbitrary code or cause a DoS. Connected sources corroborate the vulnerability in Gau...