CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9695
https://notcve.org/view.php?id=CVE-2014-9695
02 Apr 2017 — The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. El software Hyper Module Management (HMM) de Huawei Tecal E9000 Chassis V100R001C00SPC160 y versiones anteriores podría permitir a un usuario no super del dominio que acceda HMM a través de through SNMPv3 para realizar operaciones en un servidor como un superusuario del dom... • http://www.huawei.com/en/psirt/security-advisories/hw-408118 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9696
https://notcve.org/view.php?id=CVE-2014-9696
02 Apr 2017 — The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. El software Hyper Module Management (HMM) de Huawei Tecal E9000 Chassis V100R001C00SPC160 y versiones anteriores permite al operador modificar la configuración de usuario de iMana mediante la escalada de privilegios. • http://www.huawei.com/en/psirt/security-advisories/hw-408117 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6898
https://notcve.org/view.php?id=CVE-2016-6898
07 Sep 2016 — XML external entity (XXE) vulnerability in the Hyper Management Module (HMM) in Huawei E9000 rack servers with software before V100R001C00SPC296 allows remote authenticated users to read arbitrary files or cause a denial of service (web service outage) via a crafted XML document. Vulnerabilidad XML de entidad externa (XXE) en el Hyper Management Module (HMM) en servidores en rack Huawei E9000 con software en versiones anteriores a V100R001C00SPC296 permite a usuarios remotos autenticados leer archivos arbit... • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160824-01-e9000-en • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 25%CPEs: 160EXPL: 0CVE-2015-2808 – SSL/TLS: "Invariance Weakness" vulnerability in RC4 stream cipher
https://notcve.org/view.php?id=CVE-2015-2808
01 Apr 2015 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. El algoritmo RC4, utilizado en el protocolo TLS y el prot... • http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •