Huawei HarmonyOS Storage Vectors Out-of-Bounds Read Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. An out-of-bounds read vulnerability exists in Huawei HarmonyOS, which stems from an out-of-bounds array read in the storage dimension module. An attacker could...

Huawei HarmonyOS Fingerprint Module Logic Error Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS version 2.0 contains a logic error vulnerability that stems from a business logic error in the fingerprint module. An attacker could exploit the...

Huawei HarmonyOS mptcp module out-of-bounds read vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a microkernel-based distributed operating system. The Huawei HarmonyOS mptcp module is vulnerable to an out-of-bounds read vulnerability, which could be exploited to modify program information to enable root...

Huawei HarmonyOS HISP module input validation error vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, distributed operating system. Huawei HarmonyOS is vulnerable to an input validation error, which stems from the existence of a HISP module that does not validate data passed from the kernel state. An...

Huawei HarmonyOS Denial of Service Vulnerability

Huawei HarmonyOS is an operating system from Huawei, China. It provides a microkernel-based distributed operating system. A denial-of-service vulnerability exists in the Huawei HarmonyOS DFX Deployment Stack module interface calls, which can be exploited by attackers to launch denial-of-service...

Huawei HarmonyOS deserialization vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, full-scenario distributed operating system. Huawei HarmonyOS is vulnerable to a deserialization vulnerability in the NFC module that results from insecure deserialization of serialized data submitted by th...

Huawei HarmonyOS WLAN module licensing issue vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS has an authorization issue vulnerability that stems from insufficient checksum of WLAN module privileges, which could be exploited by an attacker to cau...

Huawei HarmonyOS WLAN module information disclosure vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an information disclosure vulnerability caused by insufficient protection of sensitive information in the interface of th...

Huawei HarmonyOS Information Disclosure Vulnerability (CNVD-2022-81254)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS is vulnerable to an information disclosure vulnerability that could be exploited by attackers to compromise confidentiality...

Huawei HarmonyOS HwChrService module licensing issue vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an authorization issue stemming from improper privilege management in the HwChrService module, which could be exploited b...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a configuration flaw. An attacker exploited the vulnerability to cause availability to...

CVE-2022-35245

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of...

CVE-2022-34844

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management...

CVE-2022-34655

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel TMM to terminate. Note: Software versions which have...

CVE-2022-34844

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management...

Design/Logic Flaw

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate...

Design/Logic Flaw

In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel TMM to terminate. Note: Software versions which have...

Design/Logic Flaw

In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework MRF virtual server, undisclosed traffic may cause the Traffic Management Microkernel TMM to produce a core file and the connection to terminate...

Input validation

In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management...

CVE-2022-35245

CVE-2022-35245 affects BIG-IP APM when an access policy is configured on a virtual server; undisclosed traffic can trigger TMM termination, causing DoS. Connected advisories specify affected branches: BIG-IP APM versions 16.1.0–16.1.3 (with 16.1.3.1 as the fix), 15.1.0–15.1.6 (fix 15.1.6.1), and ...