CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-40033
https://notcve.org/view.php?id=CVE-2021-40033
31 Jan 2022 — There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Se presenta una vulnerabilidad de... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-40042
https://notcve.org/view.php?id=CVE-2021-40042
31 Jan 2022 — There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. Se presenta una vulnerabilidad de puntero no válido en algunos productos de Huawei, una ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-40008
https://notcve.org/view.php?id=CVE-2021-40008
13 Dec 2021 — There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Se presenta una vulnerabilidad de filtrado de memoria en CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-37122
https://notcve.org/view.php?id=CVE-2021-37122
27 Oct 2021 — There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. Se presenta una vulnerabilidad de uso de memoria previ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22328
https://notcve.org/view.php?id=CVE-2021-22328
23 Aug 2021 — There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. Se presenta una vulnerabilidad de denegación de servicio en algunos productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2021-22362
https://notcve.org/view.php?id=CVE-2021-22362
27 May 2021 — There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C0... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22332
https://notcve.org/view.php?id=CVE-2021-22332
28 Apr 2021 — There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service. Se presenta una vulnerabilidad de puntero doble liberación en algunas versiones de CloudEngine 5800, CloudEngine... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22393
https://notcve.org/view.php?id=CVE-2021-22393
28 Apr 2021 — There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service. Se presenta una vulnerabilidad de denegación de servicio en algunas versiones de CloudEngine 5800, CloudEngine 6800, CloudEngine 7800... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en •
CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0CVE-2020-1865
https://notcve.org/view.php?id=CVE-2020-1865
13 Jan 2021 — There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation. Se presenta una vulnerabilidad de lectura fuera de límites en los productos Huawei CloudEngine. El software lee los datos más allá del final del búfer previsto cuando se anal... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-9207
https://notcve.org/view.php?id=CVE-2020-9207
29 Dec 2020 — There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. Se presenta una vulnerabilidad de autenticación inapropiada en algunas versiones del producto Huawei CloudEngine. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201216-01-vrp-en • CWE-287: Improper Authentication •