厂商发布
厂商对产品安全、配置或策略的更新说明。
-
Linux Kernel Local Privilege Escalation Vulnerability "Copy Fail" in Some Huawei Products
The Linux kernel used by some Huawei products has a local privilege escalation vulnerability. Successful exploitation of this vulnerability allows attackers to escalate the local privilege to root or perform container escape. (Vulnerability ID:HWPSIRT-2026-49540) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2026-31…
The Linux kernel used by some Huawei products has a local privilege escalation vulnerability. Successful exploitation of this vulnerability allows attackers to escalate the local privilege to root or perform container escape. (Vulnerability ID:HWPSIRT-2026-49540) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2026-31The Linux kernel used by some Huawei products has a local privilege escalation vulnerability. Successful exploitation of this vulnerability allows attackers to escalate the local privilege to root or perform container escape. (Vulnerability ID:HWPSIRT-2026-49540) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2026-31431扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2026-49540" ], "language": "en", "sasn_no": "huawei-sa-LKLPEVCFiSHP-32146806", "sasn_version": "2.4", "severity": "High", "vulnerabilities": [ { "cveId": "CVE-2026-31431", "hwPsirtId": "HWPSIRT-2026-49540" } ] } -
Linux Kernel ESP in Some Huawei Products Vulnerable to Local Privilege Escalation "Dirty Frag"
The IPsec ESP in Linux kernel used by some Huawei products has a local privilege escalation vulnerability "Dirty Frag". Successful exploitation of this vulnerability may allow attackers to escalate privileges through page-cache corruption. (Vulnerability ID:HWPSIRT-2026-27380) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) …
The IPsec ESP in Linux kernel used by some Huawei products has a local privilege escalation vulnerability "Dirty Frag". Successful exploitation of this vulnerability may allow attackers to escalate privileges through page-cache corruption. (Vulnerability ID:HWPSIRT-2026-27380) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE)The IPsec ESP in Linux kernel used by some Huawei products has a local privilege escalation vulnerability "Dirty Frag". Successful exploitation of this vulnerability may allow attackers to escalate privileges through page-cache corruption. (Vulnerability ID:HWPSIRT-2026-27380) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2026-43284扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2026-27380" ], "language": "en", "sasn_no": "huawei-sa-LKEiSHPVtLPEDF-60937345", "sasn_version": "2.1", "severity": "High", "vulnerabilities": [ { "cveId": "CVE-2026-43284", "hwPsirtId": "HWPSIRT-2026-27380" } ] } -
PLY Remote Code Execution Vulnerability in Some Huawei Products
The PLY (Python Lex-Yacc) library used by some Huawei products has a remote code execution vulnerability. Remote attackers may use the pickle file to trigger code execution. (Vulnerability ID:HWPSIRT-2026-41072) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-56005
The PLY (Python Lex-Yacc) library used by some Huawei products has a remote code execution vulnerability. Remote attackers may use the pickle file to trigger code execution. (Vulnerability ID:HWPSIRT-2026-41072) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-56005The PLY (Python Lex-Yacc) library used by some Huawei products has a remote code execution vulnerability. Remote attackers may use the pickle file to trigger code execution. (Vulnerability ID:HWPSIRT-2026-41072) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-56005扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2026-41072" ], "language": "en", "sasn_no": "huawei-sa-PRCEViSHP-00915157", "sasn_version": "1.8", "severity": "Critical", "vulnerabilities": [ { "cveId": "CVE-2025-56005", "hwPsirtId": "HWPSIRT-2026-41072" } ] } -
CPython Denial of Service Vulnerability in Some Huawei Products
The open-source software CPython used by some Huawei products has a denial of service (DoS) vulnerability. Successful exploitation of this vulnerability may lead to OOM and DoS. (Vulnerability ID:HWPSIRT-2025-91817) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-13836
The open-source software CPython used by some Huawei products has a denial of service (DoS) vulnerability. Successful exploitation of this vulnerability may lead to OOM and DoS. (Vulnerability ID:HWPSIRT-2025-91817) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-13836The open-source software CPython used by some Huawei products has a denial of service (DoS) vulnerability. Successful exploitation of this vulnerability may lead to OOM and DoS. (Vulnerability ID:HWPSIRT-2025-91817) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-13836扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2025-91817" ], "language": "en", "sasn_no": "huawei-sa-CDoSViSHP-68477227", "sasn_version": "1.7", "severity": "Critical", "vulnerabilities": [ { "cveId": "CVE-2025-13836", "hwPsirtId": "HWPSIRT-2025-91817" } ] } -
Jaspersoft Deserialization Vulnerability in Some Huawei Products
The open-source software Jaspersoft used by some Huawei products has a deserialization vulnerability. Successful exploitation of this vulnerability may lead to remote arbitrary code execution. (Vulnerability ID:HWPSIRT-2025-14096) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-10492
The open-source software Jaspersoft used by some Huawei products has a deserialization vulnerability. Successful exploitation of this vulnerability may lead to remote arbitrary code execution. (Vulnerability ID:HWPSIRT-2025-14096) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-10492The open-source software Jaspersoft used by some Huawei products has a deserialization vulnerability. Successful exploitation of this vulnerability may lead to remote arbitrary code execution. (Vulnerability ID:HWPSIRT-2025-14096) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-10492扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2025-14096" ], "language": "en", "sasn_no": "huawei-sa-JDViSHP-74078912", "sasn_version": "1.3", "severity": "Critical", "vulnerabilities": [ { "cveId": "CVE-2025-10492", "hwPsirtId": "HWPSIRT-2025-14096" } ] } -
ANSI Escape Sequence Injection Vulnerabilitiy in Some Huawei Products
Some Huawei products that use Apache Tomcat have an ANSI escape sequence injection vulnerability in the Windows console environment. Attackers can exploit this vulnerability to manipulate the console display and induce administrators to execute malicious commands. (Vulnerability ID:HWPSIRT-2025-45144) This vulnerability has been assigned a Common Vulnerabili…
Some Huawei products that use Apache Tomcat have an ANSI escape sequence injection vulnerability in the Windows console environment. Attackers can exploit this vulnerability to manipulate the console display and induce administrators to execute malicious commands. (Vulnerability ID:HWPSIRT-2025-45144) This vulnerability has been assigned a Common VulnerabiliSome Huawei products that use Apache Tomcat have an ANSI escape sequence injection vulnerability in the Windows console environment. Attackers can exploit this vulnerability to manipulate the console display and induce administrators to execute malicious commands. (Vulnerability ID:HWPSIRT-2025-45144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-55754扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2025-45144" ], "language": "en", "sasn_no": "huawei-sa-AESIViSHP-40005749", "sasn_version": "2.6", "severity": "Critical", "vulnerabilities": [ { "cveId": "CVE-2025-55754", "hwPsirtId": "HWPSIRT-2025-45144" } ] } -
cJSON Out-of-bounds Access Vulnerability in Some Huawei Products
The open-source software cJSON used by some Huawei products has an out-of-bounds access vulnerability. Successful exploitation of this vulnerability may lead to data tampering, information leakage, or DoS. (Vulnerability ID:HWPSIRT-2025-11571) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-57052
The open-source software cJSON used by some Huawei products has an out-of-bounds access vulnerability. Successful exploitation of this vulnerability may lead to data tampering, information leakage, or DoS. (Vulnerability ID:HWPSIRT-2025-11571) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-57052The open-source software cJSON used by some Huawei products has an out-of-bounds access vulnerability. Successful exploitation of this vulnerability may lead to data tampering, information leakage, or DoS. (Vulnerability ID:HWPSIRT-2025-11571) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2025-57052扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2025-11571" ], "language": "en", "sasn_no": "huawei-sa-cOobAViSHP-83078587", "sasn_version": "2.8", "severity": "Critical", "vulnerabilities": [ { "cveId": "CVE-2025-57052", "hwPsirtId": "HWPSIRT-2025-11571" } ] } -
NetFilter Use of Uninitialized Resource in Some Huawei Products
The open-source component NetFilter used by some Huawei products is vulnerable to the use of uninitialized resource. Successful exploitation of this vulnerability may lead to abnormal functions. (Vulnerability ID:HWPSIRT-2024-59193) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2024-47685
The open-source component NetFilter used by some Huawei products is vulnerable to the use of uninitialized resource. Successful exploitation of this vulnerability may lead to abnormal functions. (Vulnerability ID:HWPSIRT-2024-59193) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2024-47685The open-source component NetFilter used by some Huawei products is vulnerable to the use of uninitialized resource. Successful exploitation of this vulnerability may lead to abnormal functions. (Vulnerability ID:HWPSIRT-2024-59193) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID:CVE-2024-47685扩展字段
{ "hw_psirt_ids": [ "HWPSIRT-2024-59193" ], "language": "en", "sasn_no": "huawei-sa-NUoURiSHP-98740795", "sasn_version": "4.9", "severity": "Critical", "vulnerabilities": [ { "cveId": "CVE-2024-47685", "hwPsirtId": "HWPSIRT-2024-59193" } ] }