Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fusionsphere_openstack
(Huawei)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-11-22 | CVE-2017-8190 | FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software. | Fusionsphere_openstack | 6.7 | ||
| 2017-11-22 | CVE-2017-8189 | FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal. | Fusionsphere_openstack | 6.0 | ||
| 2017-11-22 | CVE-2017-8188 | FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution. | Fusionsphere_openstack | 7.2 | ||
| 2017-11-22 | CVE-2017-8135 | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | Fusionsphere_openstack | 8.8 | ||
| 2017-11-22 | CVE-2017-8134 | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | Fusionsphere_openstack | 8.8 | ||
| 2017-11-22 | CVE-2017-8132 | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | Fusionsphere_openstack | 8.8 | ||
| 2017-11-22 | CVE-2017-8131 | The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | Fusionsphere_openstack | 8.8 | ||
| 2017-11-22 | CVE-2017-2719 | FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | Fusionsphere_openstack | 8.8 | ||
| 2017-11-22 | CVE-2017-2718 | FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. | Fusionsphere_openstack | 8.8 | ||
| 2017-11-22 | CVE-2017-2714 | The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system. | Fusionsphere_openstack | 8.0 |