CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2021-22362
https://notcve.org/view.php?id=CVE-2021-22362
There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800. Se presenta una vulnerabilidad de escritura fuera de límites en algunos productos de Huawei. Un atacante puede explotar esta vulnerabilidad mediante el envío datos diseñados en el paquete hacia el dispositivo destino. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22332
https://notcve.org/view.php?id=CVE-2021-22332
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service. Se presenta una vulnerabilidad de puntero doble liberación en algunas versiones de CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 y CloudEngine 12800. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210407-01-doublefree-en • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-22393
https://notcve.org/view.php?id=CVE-2021-22393
There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness . Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service. Se presenta una vulnerabilidad de denegación de servicio en algunas versiones de CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 y CloudEngine 12800. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210324-01-dos-en •
CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0CVE-2020-1865
https://notcve.org/view.php?id=CVE-2020-1865
There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation. Se presenta una vulnerabilidad de lectura fuera de límites en los productos Huawei CloudEngine. El software lee los datos más allá del final del búfer previsto cuando se analiza determinado mensaje PIM, un atacante adyacente podría enviar mensajes PIM diseñados al dispositivo, una explotación con éxito podría causar una lectura fuera de límites cuando el sistema realiza la operación determinada • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2020-9124
https://notcve.org/view.php?id=CVE-2020-9124
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak. Se presenta una vulnerabilidad de pérdida de memoria en algunas versiones del producto Huawei CloudEngine. Un atacante remoto no autenticado puede explotar esta vulnerabilidad mediante el envío de un mensaje específico al producto afectado. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201223-01-cloudengine-en • CWE-401: Missing Release of Memory after Effective Lifetime •