U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:huawei:manageone:6.5.0:spc100.b220:*:*:*:*:*:*
  • CPE Name Search: true
There are 5 matching records.
Displaying matches 1 through 5.
Vuln ID Summary CVSS Severity
CVE-2021-22409

There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services abnormal.

Published: May 20, 2021; 4:15:07 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 3.5 LOW
CVE-2021-22339

There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services abnormal.

Published: May 20, 2021; 4:15:07 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 3.5 LOW
CVE-2020-9115

ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device.

Published: November 30, 2020; 7:15:11 PM -0500
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0: 9.0 HIGH
CVE-2019-5289

Gauss100 OLTP database in ManageOne with versions of 6.5.0 have an out-of-bounds read vulnerability due to the insufficient checks of the specific packet length. Attackers can construct invalid packets to attack the active and standby communication channels. Successful exploit of this vulnerability could allow the attacker to crash the database on the standby node.

Published: November 13, 2019; 12:15:14 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-14835

A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.

Published: September 17, 2019; 12:15:10 PM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH