Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fusioncompute
(Huawei)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-27 | CVE-2021-22358 | There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal. | Fusioncompute | 4.3 | ||
| 2020-12-01 | CVE-2020-9116 | Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. | Fusioncompute | 7.2 | ||
| 2020-12-01 | CVE-2020-9114 | FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. | Fusioncompute | 7.8 | ||
| 2020-11-12 | CVE-2020-9128 | FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak. | Fusioncompute | 4.4 | ||
| 2020-08-17 | CVE-2020-9233 | FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal. | Fusioncompute | N/A | ||
| 2016-09-26 | CVE-2016-6827 | Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | Fusioncompute | 6.5 | ||
| 2017-11-22 | CVE-2017-8158 | FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. | Fusioncompute | 6.5 | ||
| 2016-06-30 | CVE-2016-4057 | Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. | Fusioncompute | 6.5 |