Lucene search
K

172 matches found

prion
prion
added 2021/11/23 4:15 p.m.17 views

Command injection

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

9CVSS8.8AI score0.00946EPSS
Exploits0References1Affected Software1
osv
osv
added 2021/11/23 3:15 p.m.6 views

CVE-2021-37036

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References1
nvd
nvd
added 2021/11/23 3:15 p.m.17 views

CVE-2021-37036

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...

5.5CVSS0.00166EPSS
Exploits0References1
prion
prion
added 2021/11/23 3:15 p.m.25 views

Information disclosure

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...

2.1CVSS5.3AI score0.00166EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2021/11/23 3:2 p.m.33 views

CVE-2021-37102

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful...

9.1AI score0.00946EPSS
Exploits0References1
cve
cve
added 2021/11/23 3:2 p.m.62 views

CVE-2021-37102

The CVE-2021-37102 issue affects Huawei FusionCompute’s CMA service module, where processing the default certificate file allows command injection due to inadequate input validation. Affected versions include FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, and 8.0.0. If exploited, an attacker co...

9CVSS8.8AI score0.00946EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/11/23 2:59 p.m.32 views

CVE-2021-37036

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the informati...

5.6AI score0.00166EPSS
Exploits0References1
cve
cve
added 2021/11/23 2:59 p.m.66 views

CVE-2021-37036

CVE-2021-37036 describes an information disclosure in Huawei FusionCompute 6.5.1 and related components (eCNS280_TD V100R005C00/V100R005C10). The root cause is improper storage of specific information in a log file, allowing an attacker to retrieve sensitive data when a user logs into the device....

5.5CVSS5.3AI score0.00166EPSS
Exploits0References1Affected Software1
cnvd
cnvd
added 2021/10/13 12:0 a.m.22 views

Huawei FusionCompute Product Command Injection Vulnerability

Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, etc. A command injection vulnerability exists in the Huawei FusionCompute product, which stems from incorrect input validation in the CMA servi...

9CVSS2.8AI score0.00946EPSS
Exploits0Affected Software1
cnnvd
cnnvd
added 2021/10/11 12:0 a.m.5 views

Huawei FusionCompute 命令注入漏洞

Huawei FusionCompute is a computer virtualization engine from Huawei China. The product provides Virtual Resource Manager VRM and Compute Node Agent CNA, etc. A command injection vulnerability exists in the Huawei FusionCompute product, which stems from incorrect input validation in the CMA servi...

9CVSS8.4AI score0.00946EPSS
Exploits0References4
nvd
nvd
added 2021/09/28 3:15 p.m.19 views

CVE-2021-37105

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

7.5CVSS0.00636EPSS
Exploits0References1
osv
osv
added 2021/09/28 3:15 p.m.5 views

CVE-2021-37105

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

7.5CVSS5.7AI score0.00636EPSS
Exploits0References1
nvd
nvd
added 2021/09/28 3:15 p.m.29 views

CVE-2021-37106

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...

9CVSS0.00898EPSS
Exploits0References1
osv
osv
added 2021/09/28 3:15 p.m.7 views

CVE-2021-37106

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...

7.2CVSS7.1AI score0.00898EPSS
Exploits0References1
prion
prion
added 2021/09/28 3:15 p.m.17 views

Unrestricted file upload

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

4.3CVSS7.5AI score0.00636EPSS
Exploits0References1Affected Software1
prion
prion
added 2021/09/28 3:15 p.m.15 views

Command injection

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...

9CVSS7.1AI score0.00898EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2021/09/28 3:15 p.m.3 views

CVE-2021-37105

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

7.5CVSS7AI score0.00636EPSS
Exploits0References2
cvelist
cvelist
added 2021/09/28 2:3 p.m.22 views

CVE-2021-37105

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal...

7.7AI score0.00636EPSS
Exploits0References1
cve
cve
added 2021/09/28 2:3 p.m.54 views

CVE-2021-37105

CVE-2021-37105 affects Huawei FusionCompute (VRM/CNA) with an improper file upload control vulnerability. FusionCompute versions 6.5.0, 6.5.1 and 8.0.0 fail to properly verify uploaded files or restrict file access paths, enabling an attacker to upload malicious files and cause service abnormalit...

7.5CVSS7.5AI score0.00636EPSS
Exploits0References1Affected Software1
cve
cve
added 2021/09/28 2:2 p.m.51 views

CVE-2021-37106

CVE-2021-37106 affects Huawei FusionCompute CMA service module (versions 6.3.0, 6.3.1, 6.5.0 and 8.0.0). The issue is a command injection vulnerability that occurs when processing the default certificate file, where external input from users is used to build part of a command without sufficient v...

9CVSS7.1AI score0.00898EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder