Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-38188PUBLISHED: 2022-08-15There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2022-38190PUBLISHED: 2022-08-15
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the userââ&...
CVE-2022-38191PUBLISHED: 2022-08-15There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
CVE-2022-35822PUBLISHED: 2022-08-15Windows Defender Credential Guard Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-34709.
CVE-2022-38186PUBLISHED: 2022-08-15
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’...
User Rank: Author
12/1/2014 | 9:37:18 AM
Still, Apple Pay is supposed to add stronger multi-factor authentication to every purchase -- that's the good news. The maybe-not-such-good news is that the Apple Pay infrastructure makes you rely on Apple for the lion's share of your payment security -- moreso even than your bank.
We wrote about it in September: http://www.darkreading.com/apple-pay-ups-payment-security-but-pos-threats-remain/d/d-id/1315608