Lucene search
K

24 matches found

Prion
Prion
added 2020/07/18 1:16 a.m.19 views

Cross site scripting

There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected...

3.3CVSS6.5AI score0.00329EPSS
Exploits0References1Affected Software6
CVE
CVE
added 2020/06/15 2:56 p.m.66 views

CVE-2020-9075

CVE-2020-9075 affects Huawei Secospace USG6300/USG6300E (V500R001C30/V500R001C50/V500R001C60/V500R001C80/V500R005C00/V500R005C10/V600R006C00). The root cause is insufficient input verification in these devices, enabling an attacker with limited privileges to access a specific directory and potent...

6.5CVSS6.3AI score0.00607EPSS
Exploits0References1Affected Software2
OpenVAS
OpenVAS
added 2020/06/09 12:0 a.m.65 views

Huawei Products Improper Authentication Vulnerability (huawei-sa-20200506-02-authentication)

Multiple Huawei products are prone to an improper authentication vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program...

9.8CVSS9.8AI score0.00876EPSS
Exploits0References1
NVD
NVD
added 2020/06/08 2:15 p.m.24 views

CVE-2020-9099

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...

9.8CVSS9.7AI score0.00876EPSS
Exploits0References1
Prion
Prion
added 2020/06/08 2:15 p.m.24 views

Authentication flaw

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...

7.5CVSS9.5AI score0.00876EPSS
Exploits0References1Affected Software9
Cvelist
Cvelist
added 2020/06/08 1:55 p.m.26 views

CVE-2020-9099

Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Secospace USG6300; Secospace USG6500; Secospace USG6600; USG9500 with versions of V500R001C00; V500R001C20; V500R001C30; V500R001C50; V500R001C60; V500R001C80; V500R005C00; V500R005C10; V500R005C20; V500R002C00; V500R002C10;...

9.7AI score0.00876EPSS
Exploits0References1
NVD
NVD
added 2020/02/17 9:15 p.m.25 views

CVE-2020-1856

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful...

7.5CVSS7.4AI score0.00764EPSS
Exploits0References1
OSV
OSV
added 2020/02/17 9:15 p.m.3 views

CVE-2020-1856

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful...

7.5CVSS7.1AI score0.00764EPSS
Exploits0References1
Prion
Prion
added 2020/02/17 9:15 p.m.20 views

Information disclosure

Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific request packets to affected devices. Successful...

5CVSS7.4AI score0.00764EPSS
Exploits0References1Affected Software6
CVE
CVE
added 2020/02/17 8:27 p.m.105 views

CVE-2020-1856

CVE-2020-1856 affects Huawei NGFW modules (NIP6300/NIP6600, Secospace USG6500/USG6600/USG9500) with firmware versions V500R001C30, V500R001C60, and V500R005C00. The vulnerability enables information leakage when an attacker sends crafted request packets to affected devices. Per NVD, CVSSv3.1 base...

7.5CVSS7.3AI score0.00764EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/12/26 7:15 p.m.22 views

CVE-2019-5275

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate ...

7.5CVSS7.7AI score0.00474EPSS
Exploits0References1
NVD
NVD
added 2019/12/26 7:15 p.m.23 views

CVE-2019-5272

USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection...

4.9CVSS5AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2019/12/26 7:15 p.m.4 views

CVE-2019-5273

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a deni...

7.5CVSS7.3AI score0.00477EPSS
Exploits0References1
Prion
Prion
added 2019/12/26 7:15 p.m.21 views

Design/Logic Flaw

USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection...

4CVSS4.9AI score0.00258EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/26 6:49 p.m.22 views

CVE-2019-5273

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a deni...

7.5AI score0.00477EPSS
Exploits0References1
CVE
CVE
added 2019/12/26 6:49 p.m.86 views

CVE-2019-5273

The Huawei USG9500 hardening advisory confirms CVE-2019-5273 is a denial-of-service vulnerability in the X.509 certificate handling. Affected products are USG9500 with V500R001C30 and V500R001C60. The root cause is a flaw in X.509 processing that can trigger a large heap buffer overrun when decod...

7.5CVSS7.5AI score0.00477EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/12/26 6:42 p.m.87 views

CVE-2019-5274

CVE-2019-5274 is a Huawei USG9500 denial-of-service vulnerability arising from a flaw in the X.509 certificate handling, which can enter an infinite loop when processing a malicious certificate. Affected products are USG9500 with V500R001C30 and V500R001C60. The issue can be exploited to cause Do...

7.5CVSS7.3AI score0.00477EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/12/26 6:42 p.m.27 views

CVE-2019-5274

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in an infinite loop, an attacker may exploit the vulnerability via a malicious certificate to perform a denial of service...

7.3AI score0.00477EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/12/26 6:36 p.m.19 views

CVE-2019-5275

USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a heap buffer overflow when decoding a certificate, an attacker may exploit the vulnerability by a malicious certificate ...

7.7AI score0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/12/26 6:30 p.m.26 views

CVE-2019-5272

USG9500 with versions of V500R001C30;V500R001C60 have a missing integrity checking vulnerability. The software of the affected products does not check the integrity which may allow an attacker with high privilege to make malicious modifications without detection...

5AI score0.00258EPSS
Exploits0References1
Rows per page
Query Builder