Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25012PUBLISHED: 2023-02-02The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
CVE-2022-37034PUBLISHED: 2023-02-01In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
CVE-2023-0599PUBLISHED: 2023-02-01
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metas...
CVE-2023-23750PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-23751PUBLISHED: 2023-02-01An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
User Rank: Moderator
9/15/2014 | 6:32:09 PM
Seriously though, the word "hopefully" calls attention to a potential risk factor that lies within secure coding practices and unpublished technical specifications. I researched by digging up everything I could find in the public domain and cross referencing that with my knowledge on the payment processing world from past experience working in multiple job functions at a payment processor.
Getting private details for publication from a highly secretive company would be difficult to say the least. I could have been sneaky by calling contacts, digging up dirt on Apple Pay's implementation and their security development lifecycle adherence track record, then publish a tell-all. But that would be a jerk move. Besides, I have a day job on top of writing articles as a contributing author.