** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

* * 拒绝 * * 不要使用此候选人编号。没有。原因: 这位候选人被其 CNA 撤回。注释: 无。

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

* * 拒绝 * * 不要使用此候选人编号。没有。原因: 这位候选人被其 CNA 撤回。注释: 无。

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

* * 拒绝 * * 不要使用此候选人编号。没有。原因: 这位候选人被其 CNA 撤回。注释: 无。

A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.

在 gfs2文件系统处理 acl (访问控制列表)时发现了一个缺陷。非特权的本地攻击者可以利用这个缺陷获得访问权限或执行存储在 gfs2文件系统中的任何文件。

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

* * 拒绝 * * 不要使用此候选人编号。没有。原因: 这位候选人被其 CNA 撤回。注释: 无。

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

发现2.0 RC2以下的所有 OWASP ESAPI 都容易受到 padding oracle 攻击。

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

* * 拒绝 * * 不要使用此候选人编号。没有。原因: 这位候选人被其 CNA 撤回。进一步的调查表明，这不是一个安全问题。注释: 无。

It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.

在2.0.10之前的普通论坛中就发现了一个跨网站脚本漏洞，在这个漏洞中文件名可能包含要在客户端执行的任意代码。

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

在2.0.10之前，在普通论坛上就发现了一个在 dispatcher 中的潜在的链接诱饵漏洞。

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

在 FreeBSD 8.0、6.3和4.9以及 OpenBSD 4.6中发现，在 ftpd/popen.c 中的空指针解引用可能导致 ftpd 服务的远程分布式拒绝服务攻击。

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

在 Bitdefender Total Security 中使用的在线威胁预防模块中的不正确的证书验证漏洞允许攻击者潜在地绕过 HTTP严格传输安全检查。此问题影响: 25.0.7.29之前的 Bitdefender Total Security 版本。25.0.7.29之前的 Bitdefender Internet Security 版本。25.0.7.29之前的 Bitdefender Antivirus Plus 版本。

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

NoneCMS v1.3中的信息披露允许远程攻击者通过组件“/public/index.php”获取敏感信息。

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

NoneCMS v1.3中的信息披露允许远程攻击者通过组件“/NoneCMS/vendor”获取敏感信息。

Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add".

JuQingCMS v1.0中的跨站点请求伪造(CSRF)允许远程攻击者通过组件“ JuQingCMS _ v1.0/admin/index.php? c = administrator & a = add”获得本地特权。

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".

在武陟 CMS v4.1.0中，跨网站脚本(XSS)允许远程攻击者通过组件“/coreframe/app/guestbook/myissue.php”中的“ Title”参数执行任意代码。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms check _ availability.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms user-login.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms forgot-password.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms admin appointment-history.PHP 中有一个持久性的跨网站脚本漏洞。远程注册用户可以利用该漏洞获取用户 cookie 数据。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms change-emaild.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms appointment-history.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms get doctor.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms registration.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms get doctor.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms edit-profile.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul Hospital Management System 在 hms book-appointment.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

PHP v4.0中的 PHPGurukul 医院管理系统在 hms admin betweendates-detailsreports.PHP 中有一个 SQL 注入漏洞。远程未经身份验证的用户可以利用该漏洞获取数据库敏感信息。

PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.

PHP v4.0中的 PHPGurukul 医院管理系统在多个领域具有敏感信息披露漏洞。远程未经身份验证的用户可以利用该漏洞获取用户敏感信息。

pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.

在某些情况下，攻击者的主目录是安装在/home 下的 FUSE 文件系统，pam _ setquota.c 在2020-05-29 for Linux-PAM 的 pam _ setquota 模块中允许本地攻击者在任意文件系统上设置他们的配额。

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170639543

在 DeviceAdminReceiver.java 的权限声明中，由于不安全的缺省值，可能缺乏广播保护。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-170639543

In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741

在 wpas/ctrl/msg/queue/timeout/ctrl/iface/unix.c 中，有一个可能的内存损坏是由于 free 之后的使用。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-168314741

In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176756691

在 WiFiInstaller 的 dropFile 中，有一种方法可以删除 CertInstaller 由于一个混乱的副手而可以访问的文件。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-176756691

In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176756141

在 WiFiInstaller.java 的 onCreate 中，由于 tapjacking/overlay 攻击，有一种安装恶意 Hotspot 2.0配置的可能方法。这可能导致权限的本地升级，需要用户执行权限。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-176756141

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178821491

在 onCreate of EmergencyCallbackModeExitDialog.java 中，由于一个 tapjacking/overlay 攻击，可能会退出紧急回调模式。这可能导致权限的本地升级，需要用户执行权限。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-178821491

In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673

在 MmsService.java 的 archiveStoredConversation 中，由于缺少权限检查，有一种可能的方法可以在未经用户同意的情况下对消息会话进行存档。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-180419673

In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169328517

在 halwrapper/datacallback 中。Cc，由于缺少边界检查，有可能出现边界写入。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-169328517

In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258455

在 phNxpNciHal 的 ext 过程 nfc init rsp。Cc，由于缺少边界检查，可能有一个边界读取的可能出界。这可能导致本地信息披露在 NFC 服务器与系统执行特权需要。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-169258455

In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890

在 BeamTransferManager.java 的更新中，有一个缺失的权限检查。这可能导致成对的蓝牙地址的本地信息披露，而不需要额外的执行特权。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-168712890

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258743

在 phNxpNciHal 进程 ext rsp 的 phNxpNciHal ext。Cc，由于整数溢出，写入可能超出边界。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-169258743

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169257710

在 phNxpNciHal print res/res/status of phNxpNciHal.cc 中，由于缺少边界检查，可能存在超出边界写入。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-169257710

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884

在 phNxpNciHal print res/res/status of phNxpNciHal.cc 中，由于缺少边界检查，可能存在超出边界写入。这可能导致 NFC 服务器中本地特权的升级，并需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-169258884

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258733

在 phNxpNciHal print res/res/status of phNxpNciHal.cc 中，由于缺少边界检查，可能存在超出边界写入。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-169258733

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

在 NetInitiatedActivity.java 的 onReceive 中，由于缺少权限检查，有一种可能的方法可以向 GPS HAL 处理程序提供攻击者控制的值。这可能会导致本地特权的升级，从而导致某些 HAL 实现不需要额外的执行特权就可以实现未定义行为。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-174151048

In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650357

93 send to lower of rw i93.Cc，由于缺少边界检查，有可能出现边界写入。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-157650357

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896

在 BondStateMachine.java 的 sspRequestCallback 中，由于日志信息的泄露，蓝牙 MAC 地址可能存在泄漏。这可能导致本地信息披露，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-183961896

In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673

在 onLoadFailed of AnnotateActivity.java 中，有一种可能的方法可以获得 WRITE _ external _ storage 权限，而无需得到用户的同意。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-179688673

In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039

在 MediaControlPanel.java 的绑定中，有一种可能的方法可以使用恶意的媒体文件锁定系统 UI，这是由于恶意不正确的输入验证。这可能会导致远程分布式拒绝服务攻击不需要额外的执行特权。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-180518039

In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175124820

在 MediaOutputSlice.java 的 getenditemslicedaction 中，由于不安全的 PendingIntent，可能存在一个权限绕过。这可能导致本地信息披露，需要用户执行权限。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-175124820

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169936038

在 AppSwitchPreference.java 的 onbindvieolder 中，由于 UI 不清楚，可能会绕过设备管理设置。这可能导致权限的本地升级，需要用户执行权限。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-169936038

In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162

在 BackupManagerService.java 的 isBackupServiceActive 中，有一个缺少的权限检查。这可能导致本地信息披露，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-158482162

In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711

在 protostream _ objectsource 的 RenderStruct 中。Cc 由于缺少空值检查，可能会发生故障。这可能会导致远程分布式拒绝服务攻击不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-179161711

In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172716941

在 fastcodemb.cpp 的 getBlockSum 中，由于堆缓冲区溢出，可能存在读取超出边界的情况。这可能导致本地信息披露，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-172716941

In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179046129

在 ABuffer.cpp 的 setRange 中，由于整数溢出，可能存在超出边界的写操作。这可能导致不需要额外执行特权的远程代码执行。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-179046129

In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173473906

在 pvmp3 _ framedecode.cpp 的 fillMainDataBuf 中，由于堆缓冲区溢出，可能存在读出界限的情况。这可能导致远程信息披露，而不需要额外的执行特权。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-173473906

In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172312730

在 p _ ol _ wgh.cpp 的 Lag _ max 中，由于缺少边界检查，可能存在读取超出边界的情况。这可能导致远程信息披露，而不需要额外的执行特权。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-172312730

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

在附加到 _ verify _ fifo 交织的 stream _ encoder.c 中，由于缺少边界检查，可能存在超出边界的写操作。这可能导致本地信息披露，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-174302683

In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176084648

在 RasterIntraUpdate of motion _ est.cpp 中，由于不正确的边界检查，可能存在读出边界的情况。这可能导致本地信息披露，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-176084648

In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172908358

在 ih264e fmt/mt/conv/422i/to/420sp/ih264e/fmt/conv.c 中，由于堆缓冲区溢出，可能存在读出界限。这可能导致本地信息披露，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-172908358

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665

在 CryptoPlugin.cpp 的解密中，由于竞争条件，可能存在一个 after-free 使用。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-176495665

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174801970

在 AudioStream.cpp 的 wrapUserThread 中，由于竞争条件，可以在 free 之后使用。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-174801970

In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175894436

在 timeccheck.cpp 的 accessAudioHalPidscpp 中，由于缺少边界检查，可能存在读取超出边界的情况。这可能导致本地信息披露，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-175894436

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179461812

在受远程控制的 isRestricted of RemoteViews.java 中，由于权限绕过，有一种注入字体文件的可能方法。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-179461812

In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238

在 DevicePolicyManagerService.java 的 onReceive 中，由于缺少权限检查，可能会启用禁用的配置文件。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-170121238

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174045870

在 ContactsDumpActivity.java 的开始时，由于一个 tapjacking/overlay 攻击，有可能访问联系人。这可能导致本地信息披露，需要用户执行权限。用户交互是利用的必要条件。产品: AndroidVersions: Android-11Android ID: A-174045870

In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178803845

在 BugreportProgressService.java 的 sendBugreportNotification 中，由于不安全的 PendingIntent，存在一个可能的权限绕过。这可能导致权限的本地升级，需要用户执行权限。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-178803845

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936

在 ActivityTaskManagerService.startActivity ()和 AppTaskImpl.startActivity ()的 ActivityTaskManagerService.java 和 AppTaskImpl.java 中，由于绕过权限，可能存在对受限活动的访问。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-137395936

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-177931355

在 doNotification of AccountManagerService.java 中，由于不安全的 PendingIntent，存在一个可能的权限绕过。这可能导致本地信息披露，需要用户执行权限。用户交互不需要被利用。产品: AndroidVersions: Android-11Android ID: A-177931355

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476

在 af _ key.c 的 pfkey _ dump 中，由于缺少边界检查，可能存在超出边界的读取。这可能导致内核中的本地信息披露，并需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android kernelAndroid ID: A-110373476

In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487

在 drm syncobj handle to fd of drm syncobj.c 中，由于不正确的重复计数，有一个在 free 之后使用的可能。这可能导致特权的本地升级，需要系统执行特权。用户交互不需要被利用。产品: AndroidVersions: Android kernelAndroid ID: A-168034487

In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180950209

在 iaxxx _ calc _ i2s _ div 的 iaxxx-codec.c 中，由于缺少边界检查，可能存在使用用户控制数据的硬件端口写操作。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android kernelAndroid ID: A-180950209

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174870704

在 AppLaunchActivity.java 的处理应用中，由于一个混乱的代理，可能存在一个任意的活动启动。这可能导致特权的本地升级，而不需要额外的执行特权。用户交互不需要被利用。产品: AndroidVersions: Android kernelAndroid ID: A-174870704

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

华为产品存在信息泄漏漏漏洞。模块不能充分处理特定的输入。高特权攻击者可以通过执行某些操作来利用这个漏洞。这可能导致信息泄露。受影响的产品版本包括: IPS Module versions V500R005C00，V500R005C10，V500R005C20; NGFW Module versions V500R005C00，v500r05c10，v500r05c20; SeMG9811 verv500r05c00;9500 V500R001C00，V500R001C20，V500R001C30，v500r01c50，v500r01c60，v500r01c60，v500r01c80，v500r05c00，v500r05c10，v500r05c20.

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.

eCNS280 V100R005C00、 V100R005C10和 eSE620X vESS V100R001C10SPC200、 v100r001c200中存在不正确的授权漏洞。文件访问未被正确授权。低访问权限的攻击者可能在特定情况下启动权限提升。这可能会影响正常的服务。

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.

eCNS280 _ td V100R005C10SPC650中存在一个资源管理漏洞。攻击者需要执行特定的操作来利用受影响设备上的漏洞。由于功能资源管理不当，可能利用漏洞导致受影响设备的服务异常。

There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal.

eSE620X vESS V100R001C10SPC200、 V100R001C20SPC200、 V200R001C00SPC300存在越界读漏洞。本地攻击者可以通过向目标设备发送特定消息来利用此漏洞。由于内部消息验证不充分，成功的利用可能导致流程和服务异常。

There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS).

eSE620X vESS V100R001C10SPC200、 V100R001C20SPC200、 v200r01c001c00spc300中存在一个越界读漏洞。该漏洞是由于处理内部消息的函数包含一个越界读取漏洞造成的。攻击者可以在系统进程之间精心制作消息，成功的攻击可能导致分布式拒绝服务攻击攻击。

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

S12700 V200R019C00SPC500、 S2700 v200r000spc500、 S5700 v200r019c0spc500、 S6700 v200r0spc500、 S6700 v200r0spc500存在命令注入漏洞。模块不能充分验证特定的输入。攻击者可以通过发送恶意参数来注入命令来利用这个漏洞。这会影响正常的服务。

There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal.

Ecns280td V100R005C00和 v100r05c10中存在竞态条件漏洞。存在一个计时窗口，其中数据库可以由并发操作的另一个线程操作。成功的开发可能会导致受影响的设备异常。

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.

华为 LTE USB 加密狗产品有一个不正确的权限分配漏洞。攻击者可以在本地访问和登录到个人电脑，诱使用户安装一个特制的应用程序。成功利用此漏洞后，攻击者可以执行未经身份验证的操作。受影响的产品版本包括: E3372 E3372h-153TCPU-V200R002B333D01SP00C00。

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS).

eCNS280 _ td V100R005C10和 eSE620X V100R001C10SPC200、 v100r001c200、 v200r01c20spc200、 V200R001C00SPC300中存在一个越界读漏洞。这个漏洞是由于一个消息处理函数包含了一个超出界限的读漏洞。攻击者可以通过向目标设备发送特定的消息来利用这个漏洞，这可能导致分布式拒绝服务攻击攻击。

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

在 Palo Alto 网络 Cortex XSOAR 中的一个不正确的授权漏洞允许一个远程未经身份验证的攻击者通过 REST API 执行未经授权的操作。这个问题影响: Cortex XSOAR 6.1.0版本比1016923版本晚，比1271064版本早; Cortex XSOAR 6.2.0版本比1271065版本早。这个问题不会影响 Cortex XSOAR 5.5.0、 Cortex XSOAR 6.0.0、 Cortex XSOAR 6.0.1或 Cortex XSOAR 6.0.2版本。所有由 Palo Alto 网络托管的 Cortex XSOAR 实例都被升级以解决此漏洞。对于这些实例不需要额外的操作。

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

Ampache 是一个开源的基于 web 的音频/视频流应用程序和文件管理器。由于缺少输入过滤版本4.x。在 random.php 中的代码注入很容易受到攻击。这种攻击需要用户通过身份验证访问 random.php 页面，除非站点在演示模式下运行。这个问题已经在4.4.3中得到了解决。

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.

是一款翼龙飞机控制软件的开源游戏管理系统。在“1.4.4”之前的所有翼龙翅膀版本都容易受到系统资源耗尽的影响，原因是对容器加工限制的定义不当。恶意用户可能消耗超出预期的资源，并对同一硬件上的其他客户机造成下游影响，最终导致物理服务器停止响应。用户应该升级到“1.4.4”来缓解这个问题。对于受影响的软件版本，没有基于非代码的解决方案。运行此软件的自定义版本的用户可以手动设置容器创建的 PID 限制。

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

Ballerina 是一种开源的编程语言和云应用程序程序员的平台。版本1.2. x 和 SL 发布到 alpha 3有潜在的供应链攻击通过 MiTM 对用户。Http 连接没有使用 TLS，证书检查被忽略。该漏洞允许攻击者替换或修改从 BC 检索到的包，从而允许将恶意代码注入芭蕾舞者可执行文件中。这个补丁已经在 Ballerina 1.2.14和 Ballerina SwanLake alpha4中得到了补丁。

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second requests to an endpoint that requires the scope `bar` is made before the cache has expired. Whether the token is granted or not to the `bar` scope, introspection will be valid. A patch will be released with `v0.38.12-beta.1`. Per default, caching is disabled for the `oauth2_introspection` authenticator. When caching is disabled, this vulnerability does not exist. The cache is checked in [`func (a *AuthenticatorOAuth2Introspection) Authenticate(...)`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L152). From [`tokenFromCache()`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L97) it seems that it only validates the token expiration date, but ignores whether the token has or not the proper scopes. The vulnerability was introduced in PR #424. During review, we failed to require appropriate test coverage by the submitter which is the primary reason that the vulnerability passed the review process.

ORY Oathkeeper 是一个身份和访问代理(IAP)和访问控制决策 API，它根据访问规则集授权 HTTP 请求。当您使用‘ foo’作用域授予的访问令牌向需要‘ foo’作用域的端点发出请求时，自省将是有效的，该令牌将被缓存。当第二个请求在缓存过期之前发送到需要作用域“栏”的端点时，问题就出现了。不管令牌是否被授予“ bar”范围，自省都是有效的。一个补丁将发布“ v0.38.12-beta.1”。默认情况下，“ oauth2_ 自省”身份验证器将禁用缓存。当缓存被禁用时，该漏洞不存在。缓存在[‘ func (a * authenticatoroauth2prospection) Authenticate (...)’中检查( https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#l152)。从[‘ tokenFromCache ()’]( https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#l97)看来，它似乎只验证令牌的过期日期，但忽略了令牌是否具有适当的范围。这个漏洞出现在 PR # 424中。在评审过程中，我们没有要求提交者提供适当的测试覆盖率，这是漏洞通过评审过程的主要原因。

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.

在 Ice Hrm 29.0.0中发现了一个存储的跨网站脚本安全漏洞。操作系统，允许攻击者通过上传到文档管理标签的精心制作的文件执行任意的网络脚本或 HTML。当用户访问精心设计的文件的上传位置时，这个漏洞就会被触发。

A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.

在 Ice Hrm 29.0.0中发现了一个跨站点请求伪造(CSRF)漏洞。该操作系统允许攻击者创建新的管理员帐户或更改用户的密码。

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

Trusty (NVIDIA 为 Jetson 设备生产的可信 OS)驱动程序包含 NVIDIA OTE 协议消息解析代码中的一个漏洞，其中 malloc ()大小计算中的整数溢出导致堆上的缓冲区溢出，这可能导致信息泄露、权限升级和分布式拒绝服务攻击溢出。

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.

可信的 TLK 在 NVIDIA TLK 核心函数中包含一个漏洞，缺少检查允许利用 tz _ map _ shared _ mem 函数的 size 参数的整数溢出。

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.

在 NVIDIA TLK 内核中包含一个漏洞，在这个漏洞中缺少对 req _ off 和 param _ ofs 变量的整数溢出检查会导致关键内核结构的内存损坏。

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

包含了 NVIDIA TLK 内核的一个漏洞，其中 tz map shared mem 函数中的整数溢出可以绕过边界检查，这可能导致分布式拒绝服务攻击。

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

Trusty 在 tsecta 中包含一个漏洞，该漏洞会反序列化传入的消息，即使 tsecta 没有公开任何命令。此漏洞可能允许攻击者利用反序列化器影响代码执行，从而导致信息泄露。

Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.

Trusty 在所有 TAs 中包含一个漏洞，其反序列化器不会拒绝多次出现相同参数的消息。不可信数据的反序列化可能允许攻击者利用反序列化器来影响代码执行。

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service.

信任 TLK 在其访问权限设置中包含一个漏洞，该漏洞没有正确地限制具有本地特权的用户对资源的访问，这可能导致有限的信息披露和有限的分布式拒绝服务攻击。

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.

Bootloader 在访问权限设置中包含一个漏洞，未经授权的软件可能会覆盖 NVIDIA MB2代码，这将导致有限的分布式拒绝服务攻击。

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

Bootloader 在 NVIDIA MB2中包含一个漏洞，这个漏洞可能会导致释放错误堆，这可能会限制分布式拒绝服务攻击。

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

对于 Eclipse Jetty 版本 < = 9.4.40，< = 10.0.2，< = 11.0.2，如果从 SessionListener # sessiondestroyed ()方法引发异常，那么会话 ID 在会话 ID 管理器中不会无效。对于具有集群会话和多个上下文的部署，这可能导致会话不失效。这可能导致在共享计算机上使用的应用程序留下登录。

Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.

在 Ice Hrm 29.0.0中的跨网站脚本安全漏洞。操作系统，允许攻击者通过参数执行任意代码到/app/endpoint。

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.

在 Ice Hrm 29.0.0操作系统中发现了一个会话固定漏洞，允许攻击者通过一个精心制作的会话 cookie 劫持一个有效的用户会话。

Gitpod before 0.6.0 allows unvalidated redirects.

0.6.0之前允许未经验证的重定向。