172 matches found
Command injection
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...
CVE-2021-37036
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...
CVE-2021-37036
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...
Information disclosure
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...
CVE-2021-37102
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...
CVE-2021-37102
The CVE-2021-37102 issue affects Huawei FusionCompute’s CMA service module, where processing the default certificate file allows command injection due to inadequate input validation. Affected versions include FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, and 8.0.0. If exploited, an attacker co...
CVE-2021-37036
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...
CVE-2021-37036
CVE-2021-37036 describes an information disclosure in Huawei FusionCompute 6.5.1 and related components (eCNS280_TD V100R005C00/V100R005C10). The root cause is improper storage of specific information in a log file, allowing an attacker to retrieve sensitive data when a user logs into the device....
Huawei FusionCompute Product Command Injection Vulnerability
Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, etc. A command injection vulnerability exists in the Huawei FusionCompute product, which stems from incorrect input validation in the CMA servi...
Huawei FusionCompute 命令注入漏洞
Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, etc. A command injection vulnerability exists in the Huawei FusionCompute product, which stems from incorrect input validation in the CMA servi...
CVE-2021-37105
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...
CVE-2021-37105
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...
CVE-2021-37106
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...
CVE-2021-37106
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...
Unrestricted file upload
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...
Command injection
There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...
CVE-2021-37105
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...
CVE-2021-37105
There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...
CVE-2021-37105
CVE-2021-37105 affects Huawei FusionCompute (VRM/CNA) with an improper file upload control vulnerability. FusionCompute versions 6.5.0, 6.5.1 and 8.0.0 fail to properly verify uploaded files or restrict file access paths, enabling an attacker to upload malicious files and cause service abnormalit...
CVE-2021-37106
CVE-2021-37106 affects Huawei FusionCompute CMA service module (versions 6.3.0, 6.3.1, 6.5.0 and 8.0.0). The issue is a command injection vulnerability that occurs when processing the default certificate file, where external input from users is used to build part of a command without sufficient v...