Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2597PUBLISHED: 2022-08-08** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-2631PUBLISHED: 2022-08-08** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-2657PUBLISHED: 2022-08-08** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2017-7527PUBLISHED: 2022-08-08** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none.
CVE-2021-41615PUBLISHED: 2022-08-08
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). NOTE: 2.1...
User Rank: Ninja
9/9/2014 | 10:48:07 AM
If there were anything to add, specifically in the US, it would be state laws or regulations.
More and more I am running into situations where states have established statutory requirements for the protection and handling of specific categories of data that may exceed or augments some of the regulatory directives you listed.
So many fingers in the regulatory security jar.
Not complaining... any regulatory requirement from any angle helps in the effort to gain resources and support for security controls that are necessary. But the complexity of bringing all of the requirements together and addressed accordingly can be daunting at times.