CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9222
https://notcve.org/view.php?id=CVE-2020-9222
27 Dec 2024 — There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222. • https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200826-01-fc-en • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37102
https://notcve.org/view.php?id=CVE-2021-37102
23 Nov 2021 — There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. Se presenta una vulnerabilidad de inyección de coman... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-cmd-en • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-37105
https://notcve.org/view.php?id=CVE-2021-37105
28 Sep 2021 — There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. Se presenta una vulnerabilidad de control de carga de archivos inapropiada en FusionCompute versiones 6.5.0, 6.5.1 y 8.0.0. Debido a una comprobación inapropiada del archivo que se va a subir y a que no se restringe estr... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-upload-en • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37106
https://notcve.org/view.php?id=CVE-2021-37106
28 Sep 2021 — There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Se presenta una vulnerabilidad de inyección de comandos en el módulo de servicio CMA de FusionCompute versiones 6.3.0, 6.... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210922-01-commandinjection-en • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-9114
https://notcve.org/view.php?id=CVE-2020-9114
01 Dec 2020 — FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. Las versiones 6.3.0, 6.3.1, 6.5.0, 6.5.1 y 8.0.0 de FusionCompute tienen una vulnerabilidad de escalada de privilegios. Debido a una administración de privilegios inapropiada, un atacante con ... • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201118-01-privilege-en • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6827
https://notcve.org/view.php?id=CVE-2016-6827
26 Sep 2016 — Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors. Huawei FusionCompute en versiones anteriores a V100R005C10CP7002 almacena claves AES de texto plano en un archivo, lo que permite a usuarios remotos autenticados obtener información sensible a través de vectores no especificados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160815-01-fusioncompute-EN • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4057
https://notcve.org/view.php?id=CVE-2016-4057
30 Jun 2016 — Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets. Huawei FusionCompute en versiones anteriores a V100R005C10SPC700 permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de recurso) a través de un gran número de paquetes manipulados. • http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160330-01-fusioncompute-en • CWE-399: Resource Management Errors •