173 matches found
Huawei FusionCompute Local Elevation of Privilege Vulnerability
Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, among others. A local elevation of privilege vulnerability exists in Huawei FusionCompute version 8.0.0. The vulnerability stems from a failure...
Security Advisory - Local Privilege Escalation Vulnerability in Huawei FusionCompute Product
There is a local privilege escalation vulnerability in Huawei FusionCompute product. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. Vulnerabili...
Security Advisory - Information Leak Vulnerabilities in Huawei FusionCompute Product
There are two information disclosure vulnerability in Huawei FusionCompute product. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. Vulnerability ID: HWPSIRT-2020-05013 and HWPSIRT-2020-05065 The two vulnerabilities ha...
Huawei FusionCompute License Issue Vulnerability
Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, among others. An authorization issue vulnerability exists in Huawei FusionCompute version 8.0.0, which stems from a module not properly...
Huawei Data Communication: RCE Vulnerability in Fastjson (huawei-sa-20191204-01-fastjson)
A remote code execution RCE vulnerability exists in the open- source JSON parsing library Fastjson. This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C...
CVE-2017-8158
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine VM processes to exhaust system resources. Successful exploit...
CVE-2017-8158
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine VM processes to exhaust system resources. Successful exploit...
Authorization
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine VM processes to exhaust system resources. Successful exploit...
CVE-2017-8158
Huawei FusionCompute (V100R005C00 and V100R005C10) contains an improper authorization vulnerability due to misconfigured host-file permissions. An authenticated attacker could trigger a denial by spawning a large number of VM processes, exhausting system resources and making new VMs unavailable. ...
CVE-2017-8158
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine VM processes to exhaust system resources. Successful exploit...
Huawei FusionCompute Denial of Service Vulnerability
Huawei FusionCompute is an enterprise-grade, open server virtualization solution from Huawei, China, based on the Xen open source design. The solution provides automation, advanced integration and management capabilities for virtualized data centers. A denial of service vulnerability exists in...
CVE-2016-6827
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2016-6827
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
Design/Logic Flaw
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2016-6827
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, enabling remote authenticated users to obtain sensitive information via unspecified vectors. Connected documents confirm the vulnerability originates from plaintext key storage and affects FusionCompute deployments...
CVE-2016-6827
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors...
Huawei FusionCompute Information Disclosure Vulnerability
Huawei FusionCompute is an enterprise-grade, open server virtualization solution from Huawei, China, based on the Xen open source design. The solution provides automation, advanced integration and management capabilities for virtualized data centers. An information disclosure vulnerability exists...
Security Advisory - Cleartext Storage of Crytographic Key Vulnerability in FusionCompute
FusionCompute has a key cleartext storage vulnerability. Successful exploit could allow an attacker to obtain AES keys. Vulnerability ID: HWPSIRT-2016-06076 This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID: CVE-2016-6827. Huawei has released software updates to fix...
Huawei FusionCompute Denial of Service Vulnerability
Huawei FusionCompute is an enterprise-class open server virtualization solution based on the Xen open source design. A denial of service vulnerability exists in Huawei FusionCompute, which can be exploited by remote attackers to conduct denial of service attacks by sending a large number of packe...
CVE-2016-4057
Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service resource consumption via a large number of crafted packets...