CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2021-40033
https://notcve.org/view.php?id=CVE-2021-40033
There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Se presenta una vulnerabilidad de exposición de información en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-40042
https://notcve.org/view.php?id=CVE-2021-40042
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. Se presenta una vulnerabilidad de puntero no válido en algunos productos de Huawei, una explotación con éxito puede causar que el proceso y el servicio sean anormales. Las versiones de producto afectadas incluyen: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versiones V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800 • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-40008
https://notcve.org/view.php?id=CVE-2021-40008
There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Se presenta una vulnerabilidad de filtrado de memoria en CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 y CloudEngine 7800 V200R019C00SPC800. El software no rastrea y libera suficientemente la memoria asignada mientras analiza una serie de mensajes binarios elaborados, lo que podría consumir la memoria restante. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-37122
https://notcve.org/view.php?id=CVE-2021-37122
There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. Se presenta una vulnerabilidad de uso de memoria previamente liberada (UAF) en los productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-22328
https://notcve.org/view.php?id=CVE-2021-22328
There is a denial of service vulnerability in some huawei products. In specific scenarios, due to the improper handling of the packets, an attacker may craft the specific packet. Successful exploit may cause some services abnormal. Affected product versions include:CloudEngine 12800 V200R005C00SPC800, CloudEngine 5800 V200R005C00SPC800, CloudEngine 6800 V200R005C00SPC800, CloudEngine 7800 V200R005C00SPC800. Se presenta una vulnerabilidad de denegación de servicio en algunos productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-dos-en •