20 results (0.006 seconds)

CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Se presenta una vulnerabilidad de exposición de información en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. Se presenta una vulnerabilidad de puntero no válido en algunos productos de Huawei, una explotación con éxito puede causar que el proceso y el servicio sean anormales. Las versiones de producto afectadas incluyen: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versiones V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800 • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en • CWE-763: Release of Invalid Pointer or Reference •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Se presenta una vulnerabilidad de filtrado de memoria en CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 y CloudEngine 7800 V200R019C00SPC800. El software no rastrea y libera suficientemente la memoria asignada mientras analiza una serie de mensajes binarios elaborados, lo que podría consumir la memoria restante. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege. Se presenta una vulnerabilidad de escalada de privilegios en CloudEngine 5800 versión V200R020C00SPC600. Debido a una falta de restricciones de privilegios, un atacante local autenticado puede llevar a cabo una operación específica para explotar esta vulnerabilidad. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211103-01-privilege-en •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. Se presenta una vulnerabilidad de uso de memoria previamente liberada (UAF) en los productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en • CWE-416: Use After Free •