cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-9236,https://securityvulnerability.io/vulnerability/CVE-2020-9236,Improper Interface Design in Huawei Products,"An improper interface design vulnerability has been identified in multiple products by Huawei, where specific operations of a module interface are not handled properly. This oversight allows attackers to exploit the vulnerability, facilitating the execution of unauthorized actions that compromise the functionality and security of the module service. As organizations increasingly rely on Huawei's networking solutions, awareness and proactive measures to mitigate this vulnerability are crucial for maintaining robust cybersecurity defenses.",Huawei,Fusioncompute,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,false,,2024-12-27T09:52:11.426Z,0
CVE-2020-9222,https://securityvulnerability.io/vulnerability/CVE-2020-9222,Privilege Escalation Vulnerability in Huawei FusionCompute Products,"A serious privilege escalation issue has been identified within Huawei's FusionCompute product line. This vulnerability arises from inadequate verification measures during the deserialization process of specific files, creating a potential exploit vector for local attackers. If successfully exploited, attackers could manipulate the system to gain elevated permissions, compromising the integrity of the affected environments. Organizations utilizing Huawei FusionCompute should take immediate action to assess their security posture, implement necessary patches, and ensure that systems are fortified against such vulnerabilities. For detailed security advisories and remediation strategies, refer to Huawei's official security advisory.",Huawei,Fusioncompute,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2024-12-27T09:50:01.133Z,0
CVE-2021-37102,https://securityvulnerability.io/vulnerability/CVE-2021-37102,Command Injection Vulnerability in FusionCompute by Huawei,"A command injection vulnerability exists in the CMA service module of Huawei's FusionCompute when handling the default certificate file. The issue arises due to improper validation of user input, allowing an attacker to execute arbitrary commands on the affected system. This vulnerability affects multiple versions of FusionCompute, including 6.0.0 and 8.0.0, potentially leading to unauthorized access and manipulation of system operations.",Huawei,Fusioncompute,8.8,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2021-11-23T15:02:39.000Z,0
CVE-2021-37036,https://securityvulnerability.io/vulnerability/CVE-2021-37036,Information Leak Vulnerability in FusionCompute and eCNS280_TD Products by Huawei,"An information leakage vulnerability exists in FusionCompute 6.5.1 and specific versions of eCNS280_TD due to the improper storage of sensitive information in log files. This flaw can be exploited by attackers to retrieve confidential user data during the device login process, potentially leading to unauthorized information access.",Huawei,Fusioncompute;ecns280 Td,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-11-23T14:59:57.000Z,0
CVE-2021-37105,https://securityvulnerability.io/vulnerability/CVE-2021-37105,Improper File Upload Vulnerability in FusionCompute by Huawei,"An improper file upload control vulnerability exists in Huawei's FusionCompute versions 6.5.0, 6.5.1, and 8.0.0. This security issue arises from inadequate verification of uploaded files, which fails to impose stringent restrictions on file access paths. Consequently, attackers may exploit this flaw to upload potentially harmful files, leading to abnormal service behavior within the compromised systems. Organizations using affected versions should take immediate steps to mitigate potential impacts and secure their environments.",Huawei,Fusioncompute,7.5,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2021-09-28T14:03:53.000Z,0
CVE-2021-37106,https://securityvulnerability.io/vulnerability/CVE-2021-37106,Command Injection Vulnerability in FusionCompute Products by Huawei,"A command injection vulnerability exists in the CMA service module of Huawei’s FusionCompute, affecting versions 6.3.0, 6.3.1, 6.5.0, and 8.0.0. This vulnerability arises from improper validation of user input while processing the default certificate file. Attackers could exploit this flaw to inject arbitrary commands into the system, which may lead to unauthorized access or control over the affected installations. Organizations using these versions are encouraged to apply available patches and monitoring solutions to safeguard against potential exploitation.",Huawei,Fusioncompute,7.2,HIGH,0.0012499999720603228,false,,false,false,false,,,false,false,,2021-09-28T14:02:38.000Z,0
CVE-2021-22358,https://securityvulnerability.io/vulnerability/CVE-2021-22358,,"There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input validation is insufficient, an attacker can exploit this vulnerability to upload any files to the device. Successful exploit may cause the service abnormal.",Huawei,Fusioncompute,4.3,MEDIUM,0.0006699999794363976,false,,false,false,false,,,false,false,,2021-05-27T12:33:19.000Z,0
CVE-2020-9116,https://securityvulnerability.io/vulnerability/CVE-2020-9116,,"Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege.",Huawei,Fusioncompute,7.2,HIGH,0.0015200000489130616,false,,false,false,false,,,false,false,,2020-12-01T00:15:00.000Z,0
CVE-2020-9114,https://securityvulnerability.io/vulnerability/CVE-2020-9114,,"FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation.",Huawei,Fusioncompute,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-12-01T00:04:44.000Z,0
CVE-2020-9128,https://securityvulnerability.io/vulnerability/CVE-2020-9128,,FusionCompute versions 8.0.0 have an insecure encryption algorithm vulnerability. Attackers with high permissions can exploit this vulnerability to cause information leak.,Huawei,Fusioncompute,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-11-12T13:50:46.000Z,0
CVE-2020-9246,https://securityvulnerability.io/vulnerability/CVE-2020-9246,,FusionCompute 8.0.0 has an information leak vulnerability. A module does not launch strict access control and information protection. Attackers with low privilege can get some extra information. This can lead to information leak.,Huawei,Fusioncompute,6.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-08-21T13:33:15.000Z,0
CVE-2020-9233,https://securityvulnerability.io/vulnerability/CVE-2020-9233,,FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerability to delete some files and cause some services abnormal.,Huawei,Fusioncompute,9.1,CRITICAL,0.0014400000218302011,false,,false,false,false,,,false,false,,2020-08-17T15:11:31.000Z,0
CVE-2020-9242,https://securityvulnerability.io/vulnerability/CVE-2020-9242,,"FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack.",Huawei,Fusioncompute,8.8,HIGH,0.001769999973475933,false,,false,false,false,,,false,false,,2020-08-17T14:52:10.000Z,0
CVE-2020-9229,https://securityvulnerability.io/vulnerability/CVE-2020-9229,,"FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.",Huawei,Fusioncompute,4.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-08-14T14:50:07.000Z,0
CVE-2020-9228,https://securityvulnerability.io/vulnerability/CVE-2020-9228,,"FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.",Huawei,Fusioncompute,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-08-14T14:43:55.000Z,0
CVE-2020-9078,https://securityvulnerability.io/vulnerability/CVE-2020-9078,,"FusionCompute 8.0.0 have local privilege escalation vulnerability. A local, authenticated attacker could perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service.",Huawei,Fusioncompute,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-08-10T19:14:49.000Z,0
CVE-2020-9248,https://securityvulnerability.io/vulnerability/CVE-2020-9248,,Huawei FusionComput 8.0.0 have an improper authorization vulnerability. A module does not verify some input correctly and authorizes files with incorrect access. Attackers can exploit this vulnerability to launch privilege escalation attack. This can compromise normal service.,Huawei,Fusioncompute,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-07-31T12:24:25.000Z,0
CVE-2016-6827,https://securityvulnerability.io/vulnerability/CVE-2016-6827,,"Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES keys in a file, which allows remote authenticated users to obtain sensitive information via unspecified vectors.",Huawei,Fusioncompute,6.5,MEDIUM,0.0013800000306218863,false,,false,false,false,,,false,false,,2016-09-26T16:00:00.000Z,0
CVE-2016-4057,https://securityvulnerability.io/vulnerability/CVE-2016-4057,,Huawei FusionCompute before V100R005C10SPC700 allows remote authenticated users to cause a denial of service (resource consumption) via a large number of crafted packets.,Huawei,Fusioncompute,6.5,MEDIUM,0.0012100000167265534,false,,false,false,false,,,false,false,,2016-06-30T16:00:00.000Z,0
CVE-2015-8336,https://securityvulnerability.io/vulnerability/CVE-2015-8336,,"Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive ""role and permission"" information via unspecified vectors.",Huawei,Fusioncompute Firmware,4.3,MEDIUM,0.0008099999977275729,false,,false,false,false,,,false,false,,2016-04-14T15:00:00.000Z,0