Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fusioncompute
(Huawei)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-09-28 | CVE-2021-37106 | There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. | Fusioncompute | 7.2 | ||
| 2021-11-23 | CVE-2021-37102 | There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. | Fusioncompute | 8.8 | ||
| 2021-11-23 | CVE-2021-37036 | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. | Ecns280_td_firmware, Fusioncompute | 5.5 | ||
| 2021-09-28 | CVE-2021-37105 | There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. | Fusioncompute | 7.5 | ||
| 2020-07-31 | CVE-2020-9248 | Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service. | Fusioncompute | 6.7 | ||
| 2020-08-10 | CVE-2020-9078 | FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | Fusioncompute | 7.8 | ||
| 2020-08-14 | CVE-2020-9228 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | Fusioncompute | 7.5 | ||
| 2020-08-14 | CVE-2020-9229 | FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information. | Fusioncompute | 4.4 | ||
| 2020-08-17 | CVE-2020-9242 | FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. | Fusioncompute | 8.8 | ||
| 2020-08-21 | CVE-2020-9246 | FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak. | Fusioncompute | 6.5 |