21 matches found
CVE-2020-9116
Huawei FusionCompute targets 6.5.1 and 8.0.0 and contains a command injection vulnerability. The issue arises from insufficient verification, allowing an authenticated, remote attacker to craft a request and potentially obtain higher privileges. Affected software is Huawei FusionCompute; remediat...
CVE-2020-9114
CVE-2020-9114 affects Huawei FusionCompute: versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 contain a privilege escalation vulnerability caused by improper privilege management. An attacker with common privileges can access certain files and obtain administrator privileges, leading to full compromi...
CVE-2020-9236
Huawei FusionCompute is affected by CVE-2020-9236 (improper interface design). The vulnerability stems from a design flaw in the module interface that can allow attackers to perform malicious operations and compromise the module service. Affected product/version: Huawei FusionCompute, with versio...
CVE-2016-4057
Huawei FusionCompute is affected by CVE-2016-4057: a DoS vulnerability in FusionCompute prior to V100R005C10SPC700 allows remote authenticated users to exhaust resources by sending a high volume of crafted packets, causing service disruption. The issue originates from a vulnerability in handling ...
CVE-2020-9078
Huawei FusionCompute 8.0.0 contains a local privilege escalation vulnerability (CVE-2020-9078). An authenticated local attacker can perform specific operations to gain higher privileges and potentially compromise the service. The issue is documented across multiple sources, including Huawei’s sec...
CVE-2021-37036
CVE-2021-37036 describes an information disclosure in Huawei FusionCompute 6.5.1 and related components (eCNS280_TD V100R005C00/V100R005C10). The root cause is improper storage of specific information in a log file, allowing an attacker to retrieve sensitive data when a user logs into the device....
CVE-2020-9242
The CVE-2020-9242 issue affects Huawei FusionCompute 8.0.0, where a command injection vulnerability exists due to insufficient validation of certain user-supplied parameters. The likely impact is that an authenticated attacker could execute arbitrary commands on affected systems. Huawei’s securit...
CVE-2020-9222
CVE-2020-9222 affects Huawei FusionCompute. The vulnerability is a privilege-escalation issue caused by insufficient verification of specific files during deserialization, enabling local attackers to elevate permissions. Affected product/component: Huawei FusionCompute; root cause: improper deser...
CVE-2021-37102
The CVE-2021-37102 issue affects Huawei FusionCompute’s CMA service module, where processing the default certificate file allows command injection due to inadequate input validation. Affected versions include FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, and 8.0.0. If exploited, an attacker co...
CVE-2020-9229
Summary: CVE-2020-9229 is an information-disclosure vulnerability in Huawei FusionCompute 8.0.0. The issue stems from failing to protect certain information, allowing an attacker to obtain information. Affected product: Huawei FusionCompute 8.0.0 (VRM/CNA components mentioned in CNVD entry). Root...
CVE-2021-22358
CVE-2021-22358 affects Huawei FusionCompute 8.0.0. The issue is an insufficient input validation vulnerability that allows an attacker to upload arbitrary files to the device, potentially causing the service to become abnormal. Documents from multiple sources confirm the root cause and impact, wi...
CVE-2020-9246
CVE-2020-9246 affects Huawei FusionCompute 8.0.0. It is an information-disclosure vulnerability caused by a module not enforcing strict access control and information protection, allowing low-privilege attackers to obtain additional information. Public references (NVD, Red Hat, CNVD, Prio) corrob...
CVE-2020-9128
CVE-2020-9128 affects Huawei FusionCompute 8.0.0, where an insecure encryption algorithm leads to partial information disclosure. Exploitation is described for attackers with elevated permissions, enabling information leak rather than full compromise. The Red Hat, CNVD, NVD and other feeds corrob...
CVE-2021-37105
CVE-2021-37105 affects Huawei FusionCompute (VRM/CNA) with an improper file upload control vulnerability. FusionCompute versions 6.5.0, 6.5.1 and 8.0.0 fail to properly verify uploaded files or restrict file access paths, enabling an attacker to upload malicious files and cause service abnormalit...
CVE-2017-8158
Huawei FusionCompute (V100R005C00 and V100R005C10) contains an improper authorization vulnerability due to misconfigured host-file permissions. An authenticated attacker could trigger a denial by spawning a large number of VM processes, exhausting system resources and making new VMs unavailable. ...
CVE-2020-9233
CVE-2020-9233 affects Huawei FusionCompute 8.0.0. The vulnerability is described as an insufficient authentication flaw that could enable an attacker to delete files and cause services to behave abnormally. The CVSS metrics in the public entry indicate high impact (CRITICAL in CVSS 3.1: 9.1) with...
CVE-2015-8336
CVE-2015-8336 affects Huawei FusionCompute prior to V100R005C10SPC700. It enables remote authenticated users to obtain sensitive role and permission information via unspecified vectors due to an information disclosure vulnerability. Affected versions: FusionCompute before V100R005C10SPC700. Mitig...
CVE-2016-6827
Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, enabling remote authenticated users to obtain sensitive information via unspecified vectors. Connected documents confirm the vulnerability originates from plaintext key storage and affects FusionCompute deployments...
CVE-2020-9228
CVE-2020-9228 affects Huawei FusionCompute 8.0.0. The vulnerability is an information disclosure where the product fails to protect certain information, allowing potential leakage. Connected sources (NVD, Red Hat RH, CNVD, PRION, CVE list, and Huawei PSIRT) corroborate the INFO DISCLOSURE BMC con...
CVE-2020-9248
CVE-2020-9248 affects Huawei FusionCompute 8.0.0; the vulnerability stems from a module that fails to verify input and improperly authorizes certain files, enabling privilege escalation and potential disruption of normal service. Exploitation details are not provided in the document set, but the ...
CVE-2021-37106
CVE-2021-37106 affects Huawei FusionCompute CMA service module (versions 6.3.0, 6.3.1, 6.5.0 and 8.0.0). The issue is a command injection vulnerability that occurs when processing the default certificate file, where external input from users is used to build part of a command without sufficient v...