Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34835PUBLISHED: 2022-06-30In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
CVE-2021-40597PUBLISHED: 2022-06-29The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
CVE-2022-30467PUBLISHED: 2022-06-29Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.
CVE-2022-33061PUBLISHED: 2022-06-29Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service.
CVE-2022-2073PUBLISHED: 2022-06-29Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
User Rank: Moderator
9/3/2014 | 3:33:25 PM
It's a fine line, but a well understood distinction, especially in a legal liability sense. As with many things legal, check your intuition and sensibilities at the courthouse door.
That being said, I agree that it has definitely emerged to be in the best interest of the Fanchisor to, at the very least, specify security requirements (and probably enshrine it in the franchise agreement). The Franchisors could just as easily revoke the offending Franchisees to protect their reputation. In the vein of "every problem is an opportunity," the smart play would be for a Franchisor to impose security across the Franchise and provide value add to the Franchisees, as well as turn this into a feature of the Franchise -- great service and secure purchases now at *all* UPS Stores.