10 results (0.009 seconds)

CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. Se presenta una vulnerabilidad de exposición de información en varios productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust. Se presenta una vulnerabilidad de filtrado de memoria en CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 y CloudEngine 7800 V200R019C00SPC800. El software no rastrea y libera suficientemente la memoria asignada mientras analiza una serie de mensajes binarios elaborados, lo que podría consumir la memoria restante. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en • CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. Se presenta una vulnerabilidad de uso de memoria previamente liberada (UAF) en los productos de Huawei. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en • CWE-416: Use After Free •

CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0

There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800. Se presenta una vulnerabilidad de escritura fuera de límites en algunos productos de Huawei. Un atacante puede explotar esta vulnerabilidad mediante el envío datos diseñados en el paquete hacia el dispositivo destino. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0

There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation. Se presenta una vulnerabilidad de lectura fuera de límites en los productos Huawei CloudEngine. El software lee los datos más allá del final del búfer previsto cuando se analiza determinado mensaje PIM, un atacante adyacente podría enviar mensajes PIM diseñados al dispositivo, una explotación con éxito podría causar una lectura fuera de límites cuando el sistema realiza la operación determinada • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en • CWE-125: Out-of-bounds Read •