** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: the vendor disputes this because the current product behavior, in effect, has XSS_PROTECTION_ENABLED=true in all configurations. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. ** DISPUTED ** A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. NOTE: the vendor's position is that this is a design choice, not a vulnerability.
This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. ** DISPUTED ** Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. NOTE: a third party states "The described attack cannot be executed as demonstrated." This passcode is only four digits, far below typical length/complexity for a user account's password. ** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. NOTE: the vendor's position is that the product is not intended for untrusted input. ** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913.
0 kommentar(er)
