CVE-2021-22378

There is a race condition vulnerability in eCNS280TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal...

CVE-2021-22361

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal...

EUVD-2021-9507

Malicious code in bioql PyPI...

EUVD-2021-9438

Malicious code in bioql PyPI...

EUVD-2021-9484

Malicious code in bioql PyPI...

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service...

CVE-2021-40007

There is an information leak vulnerability in eCNS280TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device may lead to information disclosure...

CVE-2021-39995

Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of service. Affected product versions include: eCNS280TD V100R005C10; eSE620X vESS V100R001C10SPC200,...

Huawei eCNS280_TD 权限许可和访问控制问题漏洞

Huawei eCNS280TD is a core network device for the wireless broadband trunking system from Huawei China. Huawei ESE620X vESS is a virtual enterprise service controller from Huawei China. An elevation of privilege vulnerability exists in several Huawei products. The vulnerability stems from the fac...

eCNS280 code issue vulnerability

Huawei eCNS280 is the core network equipment of Huawei's wireless broadband trunking system in China. In addition to providing traditional core network functions, it also provides network elements with capacity configurations based on actual applications by virtualizing network element functions...

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service...

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service...

Sql injection

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service...

CVE-2021-22338

The CVE-2021-22338 entry concerns an XXE injection in Huawei eCNS280, specifically versions V100R005C00 and V100R005C10. The underlying issue is that a module does not strictly validate input XML, allowing an attacker to craft messages that trigger denial of service. Public details in connected d...

CVE-2021-22338

There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not perform the strict operation to the input XML message. Attacker can send specific message to exploit this vulnerability, leading to the module denial of service...

eCNS280 代码问题漏洞

Huawei eCNS280 is the core network equipment of Huawei's wireless broadband trunking system in China. In addition to providing traditional core network functions, it also provides network elements with capacity configurations based on actual applications by virtualizing network element functions...

CVE-2021-22383

There is an out-of-bounds read vulnerability in eCNS280TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by...

CVE-2021-22378

There is a race condition vulnerability in eCNS280TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal...

CVE-2021-22363

There is a resource management error vulnerability in eCNS280TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnorma...

CVE-2021-22361

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal...