Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27486PUBLISHED: 2021-04-12The Fatek Automation WinProladder Versions 3.3 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.
CVE-2021-3465PUBLISHED: 2021-04-12** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-15942PUBLISHED: 2021-04-12An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
CVE-2021-22190PUBLISHED: 2021-04-12A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
CVE-2021-24024PUBLISHED: 2021-04-12A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.
User Rank: Ninja
9/9/2014 | 10:48:07 AM
If there were anything to add, specifically in the US, it would be state laws or regulations.
More and more I am running into situations where states have established statutory requirements for the protection and handling of specific categories of data that may exceed or augments some of the regulatory directives you listed.
So many fingers in the regulatory security jar.
Not complaining... any regulatory requirement from any angle helps in the effort to gain resources and support for security controls that are necessary. But the complexity of bringing all of the requirements together and addressed accordingly can be daunting at times.