Huawei Manageone
15 CVEs affecting Huawei Manageone. Latest disclosed: 2021-10-27. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-22314 | High | 7.8 | 2021-03-22 | There is a local privilege escalation vulnerability in some versions of ManageOne. A local authenticated attacker could perform specific operations to exploit… |
CVE-2021-22299 | High | 7.8 | 2021-02-06 | There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated attacker could craft specific commands to exploit this vuln… |
CVE-2019-14835 | High | 7.8 | 2019-09-17 | A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, lo… |
CVE-2021-22293 | High | 7.5 | 2021-02-06 | Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Af… |
CVE-2019-5289 | High | 7.5 | 2019-11-13 | Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet lengt… |
CVE-2021-22311 | High | 7.2 | 2021-03-22 | There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher pri… |
CVE-2020-9115 | High | 7.2 | 2020-12-01 | ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker w… |
CVE-2021-37131 | Medium | 6.8 | 2021-10-27 | There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability t… |
CVE-2021-22397 | Medium | 6.7 | 2021-08-02 | There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some files are lack of verification when they are be called. At… |
CVE-2021-22339 | Medium | 6.5 | 2021-05-20 | There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an atta… |
CVE-2021-22298 | Medium | 6.5 | 2021-02-06 | There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulne… |
CVE-2021-22409 | Medium | 5.3 | 2021-05-20 | There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the serv… |
CVE-2020-9205 | Medium | 4.9 | 2021-02-06 | There has a CSV injection vulnerability in ManageOne 8.0.1. An attacker with common privilege may exploit this vulnerability through some operations to inject… |
CVE-2021-22340 | Medium | 4.1 | 2021-06-29 | There is a multiple threads race condition vulnerability in Huawei product. A race condition exists for concurrent I/O read by multiple threads. An attacker wi… |
CVE-2020-1862 | Low | 3.3 | 2020-03-20 | There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due… |