9 results (0.031 seconds)

CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Se presenta una vulnerabilidad de exposición de información en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. Se presenta una vulnerabilidad de uso de memoria previamente liberada (UAF) en los productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800. Se presenta una vulnerabilidad de escritura fuera de límites en algunos productos de Huawei. Un atacante puede explotar esta vulnerabilidad mediante el envío datos diseñados en el paquete hacia el dispositivo destino. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service. Se presenta una vulnerabilidad de puntero doble liberación en algunas versiones de CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 y CloudEngine 12800. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en • CWE-415: Double Free •

CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0

There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service. Se presenta una vulnerabilidad de denegación de servicio en algunas versiones de CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 y CloudEngine 12800. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en •