Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23351PUBLISHED: 2021-03-08
The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in ...
CVE-2009-20001PUBLISHED: 2021-03-07An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.
CVE-2020-28466PUBLISHED: 2021-03-07
This affects all versions of package github.com/nats-io/nats-server/server. Untrusted accounts are able to crash the server using configs that represent a service export/import cycles. Disclaimer from the maintainers: Running a NATS service which is exposed to untrusted users presents a heightened r...
CVE-2021-27364PUBLISHED: 2021-03-07An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.
CVE-2021-27365PUBLISHED: 2021-03-07
An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length...
User Rank: Ninja
9/9/2014 | 10:48:07 AM
If there were anything to add, specifically in the US, it would be state laws or regulations.
More and more I am running into situations where states have established statutory requirements for the protection and handling of specific categories of data that may exceed or augments some of the regulatory directives you listed.
So many fingers in the regulatory security jar.
Not complaining... any regulatory requirement from any angle helps in the effort to gain resources and support for security controls that are necessary. But the complexity of bringing all of the requirements together and addressed accordingly can be daunting at times.