Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.

Blinger.io v.1.0.2519容易受到Blind / Persistent XSS的攻击。攻击者可以通过内置通信渠道发送任意JavaScript代码，例如Telegram，WhatsApp，Viber，Skype，Facebook，Vkontakte或Odnoklassniki。在对话/全部，对话/收件箱，对话/未分配和对话/关闭的管理面板中，此操作处理不当。

A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.

在Infinispan版本10中发现了一个漏洞，该漏洞允许通过REST和HotRod API在本地访问控件。此缺陷使通过本地计算机身份验证的用户可以对缓存执行所有操作，包括整个服务器的创建，更新，删除和关闭。

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.

rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.

rConfig 3.9.4和更早版本允许通过将伪造的GET请求发送到lib / ajaxHandlers / ajaxAddTemplate.php或lib / ajaxHandlers / ajaxEditTemplate.php来执行（系统命令的）身份验证代码执行。

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.

Apache Kylin 2.0.0、2.1.0、2.2.0、2.3.0、2.3.1、2.3.2、2.4.0、2.4.1、2.5.0、2.5.1、2.5.2、2.6.0， 2.6.1、2.6.2、2.6.3、2.6.4、2.6.5、2.6.6、3.0.0-alpha，3.0.0-alpha2、3.0.0-beta，3.0.0、3.0.1， 3.0.2、3.1.0、4.0.0-alpha拥有一个静态的api，无需任何身份验证即可公开Kylin的配置信息，因此这很危险，因为某些机密信息条目会向所有人公开。

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here.

在Sylius 1.6.9、1.7.9和1.8.3之前的版本中，用户可以通过电子邮件mail@example.com在商店中注册，进行验证，将其更改为电子邮件another@domain.com，并保持验证和启用状态。这可能导致帐户被发送到完全不同的电子邮件，并且已经过验证。请注意，这种方式无法接管任何现有帐户（来宾或普通帐户）。该问题已在Sylius 1.6.9、1.7.9和1.8.3中修复。解决方法是，您可以通过创建自定义事件侦听器自行解决此问题，该侦听器将侦听sylius.customer.pre_update事件。如果客户电子邮件和用户名不同，则可以确定电子邮件已更改。稍后将它们同步。请注意管理员更改电子邮件的行为。您可能需要为他们跳过此逻辑。为了实现此目的，您应该检查主请求路径信息（如果它不包含/ admin前缀）或调整商店中客户更新期间触发的事件。您可以在此处找到有关如何自定义事件的更多信息。

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method. The vulnerability is limited to the `includeInheritedProps` mode (if version >= 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.

在“对象路径” <= 0.11.4中发现了一个原型污染漏洞，影响了“ set（）”方法。该漏洞仅限于“ includeInheritedProps”模式（如果使用版本> = 0.11.0），必须通过创建“ object-path”的新实例并设置选项“ includeInheritedProps：true”来明确启用该模式，或者通过使用默认的`withInheritedProps`实例。如果使用版本> = 0.11.0，则默认操作模式不受此漏洞影响。版本低于0.11.0的任何set（）用法都是易受攻击的。该问题已在对象路径版本0.11.5中得到解决。作为一种解决方法，如果使用版本> = 0.11.0，请勿使用`includeInheritedProps：true`选项或`withInheritedProps`实例。

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.

在Windows上，Veyon Service 4.4.2之前的版本包含一个未引用的服务路径漏洞，该漏洞使具有管理权限的本地身份验证用户可以使用LocalSystem权限运行恶意可执行文件。由于Veyon用户（包括学生和教师）通常没有管理权限，因此此漏洞仅在无论如何都不安全的设置中都是危险的。该问题已在版本4.4.2中修复。作为一种解决方法，可以通过撤回所有潜在的不可信任用户的管理特权来防止利用漏洞。

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.

在1.5.1版之前的webpack-subresource-integrity中，所有动态加载的块均收到无效的完整性哈希，该哈希将被浏览器忽略，因此浏览器无法验证其完整性。这消除了SRI为此类块提供的额外保护级别。顶级块不受影响。该问题已在1.5.1版中修复。

In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.

在9.4.4版之前的平台中，不能正确转义内联属性。如果未转义来自用户的数据，则可能存在XSS漏洞。该问题在9.0.0中引入，并在9.4.4中修复。

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

在2020.2.10514之前的JetBrains YouTrack中，SSRF是可能的，因为可以逃避URL过滤。

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.

SolarWinds N-Central版本12.3 GA和更低版本未将JSESSIONID属性设置为HTTPOnly。这样就可以用javascript影响cookie。攻击者可以将用户发送到准备好的网页，或者通过影响JavaScript提取JESSIONID。然后可以将其转发给攻击者。

GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.

截至1.5的GoPro gpmf-parser在GPMF_ExpandComplexTYPE（）中具有堆栈越界写入漏洞。解析恶意输入可能会导致崩溃或潜在地执行任意代码。

GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.

GoPro gpmf-parser 1.5在GPMF_ScaledData（）中具有堆越界读取和段错误。解析恶意输入可能导致崩溃或信息泄露。

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.

GoPro gpmf-parser 1.5在GPMF_Decompress（）中有一个被零除的漏洞。解析恶意输入可能会导致崩溃。

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.

GoPro gpmf-parser 1.5在GPMF_ScaledData（）中有一个被零除的漏洞。解析恶意输入可能会导致崩溃。

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.

在tcpreplay tcpprep v4.3.3中发现了一个问题。 MemcmpInterceptorCommon（）中存在一个堆缓冲区溢出漏洞，该漏洞可能使tcpprep崩溃并导致拒绝服务。

An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.

在tcpreplay tcpprep v4.3.3中发现了一个问题。 get_l2len（）中存在一个堆缓冲区溢出漏洞，该漏洞会使tcpprep崩溃并导致拒绝服务。

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

4.2.3之前的Freebox Server的UPnP MediaServer实现中的DNS重新绑定漏洞。

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.

到2.0.2版为止，在yubihsm-shell的yh_create_session（）函数中发现了一个问题。该函数不会显式检查从设备返回的会话ID。无效的会话ID将导致会话数组中的读和写操作超出范围。攻击者可以使用它来引起拒绝服务攻击。

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.

在yubihsm-shell的2.0.2版的_send_secure_msg（）函数中发现了一个问题。该功能不会验证从设备接收到的消息的嵌入长度字段。这可能会导致过大的memcpy（）调用，从而使正在运行的进程崩溃。攻击者可以使用它来导致拒绝服务。

A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个远程urlaccesscontroller身份验证绕过漏洞：在iMC PLAT 7.3（E0705P07）之前。

A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个远程operatoronlinelist_content特权升级漏洞：在iMC PLAT 7.3（E0705P07）之前。

A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个基于tftpserver堆栈的缓冲区溢出远程执行代码漏洞：在iMC PLAT 7.3（E0705P07）之前。

A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个远程accessmgrservlet类名输入验证代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本：iMC PLAT 7.3（E0705P07）之前的版本中发现了一个不可信数据远程执行代码漏洞的accessmgrservlet类名反序列化。

A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个“远程字节消息资源转换”输入验证代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了图例表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了syslogtempletselectwin表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了addvsiinterfaceinfo表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/m.login.recaptcha or /_matrix/client/r0/auth/m.login.terms Synapse 974923.

由于不安全地插入会话GET参数，因此1.21.0之前的Matrix Synapse中的AuthRestServlet容易受到XSS的攻击。通过向受害用户提供到/_matrix/client/r0/auth/m.login.recaptcha或/ _matrix / client / r0的恶意URL，远程攻击者可以在Synapse托管的域上执行XSS攻击。 /auth/m.login.terms Synapse 974923。

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.

OneThird CMS v1.96c和更早版本中的本地文件包含漏洞允许远程未经身份验证的攻击者执行任意代码或通过未指定的向量获取敏感信息。

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table.

Allen-Bradley Flex IO 1794-AENT / B 4.003的ENIP请求路径逻辑段功能中存在一个可利用的拒绝服务漏洞。特制的网络请求可能会导致与设备的通信中断，从而导致拒绝服务。攻击者可以通过发送电子密钥段（其字节数少于密钥格式表的字节数）来发送恶意数据包以触发此漏洞。

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field.

Allen-Bradley Flex IO 1794-AENT / B 4.003的ENIP请求路径逻辑段功能中存在一个可利用的拒绝服务漏洞。特制的网络请求可能会导致与设备的通信中断，从而导致拒绝服务。攻击者可以通过在“密钥格式”字段后发送少于0x18字节的电子密钥段来发送恶意数据包以触发此漏洞。

A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了adddevicetoview表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个eventinfo_content表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了Faultdevparasset表达语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了comparefilesresult表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个selectperfview表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个devgroupselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了deployselectbootrom表达式语言注入远程执行代码漏洞：在iMC PLAT 7.3之前（E0705P07）。

A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了deployselectsoftware表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个ictexpertcsvdownload表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本：iMC PLAT 7.3（E0705P07）之前的版本中发现了一个faultstatchoosefaulttype类型表达语言注入远程代码执行漏洞。

A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了FaulttrapgroupSelect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个故障参数表达语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了iccselectdevtype表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个ifviewselectpage表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个选择表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了faultinfo_content表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个selviewnavcontent表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个perfselecttask表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个customtemplateselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了iccselectdeviceseries表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了reporttaskselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个operatorgroupselectcontent表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了Navigationto表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个operationselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了iccselectcommand表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个operatorgrouptreeselectcontent表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个quicktemplateselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个selectusergroup表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个ictexpertcsvdownload表达语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个选择表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了guidatadetail表达式语言注入远程执行代码漏洞：在iMC PLAT 7.3（E0705P07）之前。

A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了templateselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个actionselectcontent表达式语言注入远程执行代码漏洞：在iMC PLAT 7.3之前（E0705P07）。

A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了soapconfigcontent表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了iccselectdymicparam表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本：iMC PLAT 7.3之前（E0705P07）中发现了一个viewtaskresultdetailfact表达式语言注入远程执行代码漏洞。

A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了wmiconfigcontent表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个Mediaforaction表达式语言注入远程执行代码漏洞：在iMC PLAT 7.3之前（E0705P07）。

A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了第三方perfselecttask表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个ictexpertdownload表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个smsrulesdownload表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了sshconfig表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了前向重定向表达语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个viewbatchtaskresultdetailfact表达式语言注入远程执行代码漏洞：在iMC PLAT 7.3（E0705P07）之前。

A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个tvxlanlegend表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个powershellconfigcontent表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个报告页索引表达语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了一个用户选择分页的内容表达语言注入远程执行代码漏洞：在iMC PLAT 7.3（E0705P07）之前。

A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了FaultFlashEventSelect事实表达语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了deviceselect表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3之前（E0705P07）。

A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个devsoftsel表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HPE智能管理中心（iMC）版本中发现了devicethresholdconfig表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个ictexpertcsvdownload表达语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个perfaddormoddevicemonitor表达式语言注入远程执行代码漏洞：在iMC PLAT 7.3之前（E0705P07）。

A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

在HP智能管理中心（iMC）版本中发现了一个iccselectrules表达式语言注入远程代码执行漏洞：在iMC PLAT 7.3（E0705P07）之前。

This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.

这会影响6.6.0.0之前的软件包MintegralAdSDK。该公司分发的SDK包含充当后门程序的恶意功能。 Mintegral及其合作伙伴（广告商）可以在用户设备上远程执行任意代码。

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.

在1.5之前的Tink版本的Java实现中，对无效unicode字符的错误处理使攻击者可以更改密文的ID部分，从而导致创建可以解密为相同明文的第二个密文。这可能是使用单个密钥加密确定性AEAD并依赖于每个明文唯一密文的问题。

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.

10.0.1.163（C00E160R3P8）之前的HUAWEI Mate 20版本具有JavaScript注入漏洞。模块不验证特定输入。这可能会让攻击者绕过过滤器机制来启动JavaScript注入。这可能会损害受影响模块的正常服务。

E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process.

E6878-370版本10.0.3.1（H557SP27C233），10.0.3.1（H563SP21C233）和E6878-870版本10.0.3.1（H557SP27C233），10.0.3.1（H563SP11C233）具有拒绝服务漏洞。系统无法正确检查某些事件，攻击者可能会连续启动事件，成功利用漏洞可能导致进程重新启动。

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.

低于10.1.0.156（C00E155R7P2）的Taurus-AN00B版本具有特权提升漏洞。由于缺乏特权限制，因此该设备的某些业务功能受到限制。攻击者可能利用此漏洞来访问保护信息，从而导致特权提升。

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution.

早于10.0.0.188（C00E74R3P8）的HUAWEI Mate 20版本在Bluetooth模块中存在一个缓冲区溢出漏洞。由于输入验证不足，未经身份验证的攻击者可能会在成功配对后制作蓝牙消息，从而导致缓冲区溢出。成功的利用可能导致代码执行。

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.

早于10.1.0.150（C00E136R5P3）的HUAWEI Mate 30版本和早于10.1.0.160（C00E160R2P11）的HUAWEI P30版本具有免费释放后使用功能。存在一个条件，即系统在释放内存后将引用内存，攻击者应诱使用户以通用特权运行经过精心设计的应用程序，成功利用漏洞可能导致代码执行。

Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).

Sage EasyPay 10.7.5.10中的多个存储的跨站点脚本（XSS）漏洞允许经过身份验证的攻击者通过Unicode转换（最佳匹配映射）通过多个参数注入任意Web脚本或HTML，如下面的全宽度变体所示。 -号（％EF％BC％9C）和大于号（％EF％BC％9E）。

** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group."

**争议** EclecticIQ OpenTAXII到0.2.0和其他产品中使用的TAXII libtaxii到1.1.117，以及其他产品，即使将no_network设置用于XML，也允许SSRF通过初始http：//子字符串进入解析方法。解析器。注意：供应商指出解析方法“包装lxml库”，这可能是“提高...到lxml组”的问题。

In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device.

在EZCast Pro II中，根据Web请求提供管理员密码md5哈希。可以破解此哈希以访问设备的管理面板。