@blamejs/exceptd-skills 0.13.84 → 0.13.86
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1540 -0
- package/data/atlas-ttps.json +6 -0
- package/data/attack-techniques.json +8 -0
- package/data/cve-catalog.json +419 -0
- package/data/cwe-catalog.json +5 -0
- package/data/framework-control-gaps.json +32 -0
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -26617,6 +26617,1454 @@
|
|
|
26617
26617
|
]
|
|
26618
26618
|
}
|
|
26619
26619
|
},
|
|
26620
|
+
"CVE-2023-43654": {
|
|
26621
|
+
"name": "PyTorch TorchServe Management API SSRF to Remote Code Execution (ShellTorch)",
|
|
26622
|
+
"rwep": 31,
|
|
26623
|
+
"cvss": 9.8,
|
|
26624
|
+
"cisa_kev": false,
|
|
26625
|
+
"epss_score": null,
|
|
26626
|
+
"referencing_skills": [
|
|
26627
|
+
"kernel-lpe-triage",
|
|
26628
|
+
"ai-attack-surface",
|
|
26629
|
+
"compliance-theater",
|
|
26630
|
+
"attack-surface-pentest",
|
|
26631
|
+
"ot-ics-security",
|
|
26632
|
+
"coordinated-vuln-disclosure",
|
|
26633
|
+
"sector-energy"
|
|
26634
|
+
],
|
|
26635
|
+
"chain": {
|
|
26636
|
+
"cwes": [
|
|
26637
|
+
{
|
|
26638
|
+
"id": "CWE-1037",
|
|
26639
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
26640
|
+
"category": "Hardware / Side Channel"
|
|
26641
|
+
},
|
|
26642
|
+
{
|
|
26643
|
+
"id": "CWE-1039",
|
|
26644
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
26645
|
+
"category": "AI/ML"
|
|
26646
|
+
},
|
|
26647
|
+
{
|
|
26648
|
+
"id": "CWE-125",
|
|
26649
|
+
"name": "Out-of-bounds Read",
|
|
26650
|
+
"category": "Memory Safety"
|
|
26651
|
+
},
|
|
26652
|
+
{
|
|
26653
|
+
"id": "CWE-1357",
|
|
26654
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
26655
|
+
"category": "Supply Chain"
|
|
26656
|
+
},
|
|
26657
|
+
{
|
|
26658
|
+
"id": "CWE-1395",
|
|
26659
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
26660
|
+
"category": "Supply Chain"
|
|
26661
|
+
},
|
|
26662
|
+
{
|
|
26663
|
+
"id": "CWE-1426",
|
|
26664
|
+
"name": "Improper Validation of Generative AI Output",
|
|
26665
|
+
"category": "AI/ML"
|
|
26666
|
+
},
|
|
26667
|
+
{
|
|
26668
|
+
"id": "CWE-22",
|
|
26669
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
26670
|
+
"category": "Path/Resource"
|
|
26671
|
+
},
|
|
26672
|
+
{
|
|
26673
|
+
"id": "CWE-269",
|
|
26674
|
+
"name": "Improper Privilege Management",
|
|
26675
|
+
"category": "Authorization"
|
|
26676
|
+
},
|
|
26677
|
+
{
|
|
26678
|
+
"id": "CWE-287",
|
|
26679
|
+
"name": "Improper Authentication",
|
|
26680
|
+
"category": "Authentication"
|
|
26681
|
+
},
|
|
26682
|
+
{
|
|
26683
|
+
"id": "CWE-306",
|
|
26684
|
+
"name": "Missing Authentication for Critical Function",
|
|
26685
|
+
"category": "Authentication"
|
|
26686
|
+
},
|
|
26687
|
+
{
|
|
26688
|
+
"id": "CWE-352",
|
|
26689
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
26690
|
+
"category": "Session"
|
|
26691
|
+
},
|
|
26692
|
+
{
|
|
26693
|
+
"id": "CWE-362",
|
|
26694
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
26695
|
+
"category": "Concurrency"
|
|
26696
|
+
},
|
|
26697
|
+
{
|
|
26698
|
+
"id": "CWE-416",
|
|
26699
|
+
"name": "Use After Free",
|
|
26700
|
+
"category": "Memory Safety"
|
|
26701
|
+
},
|
|
26702
|
+
{
|
|
26703
|
+
"id": "CWE-434",
|
|
26704
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
26705
|
+
"category": "File Handling"
|
|
26706
|
+
},
|
|
26707
|
+
{
|
|
26708
|
+
"id": "CWE-672",
|
|
26709
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
26710
|
+
"category": "Memory Safety"
|
|
26711
|
+
},
|
|
26712
|
+
{
|
|
26713
|
+
"id": "CWE-732",
|
|
26714
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
26715
|
+
"category": "Authorization"
|
|
26716
|
+
},
|
|
26717
|
+
{
|
|
26718
|
+
"id": "CWE-78",
|
|
26719
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
26720
|
+
"category": "Injection"
|
|
26721
|
+
},
|
|
26722
|
+
{
|
|
26723
|
+
"id": "CWE-787",
|
|
26724
|
+
"name": "Out-of-bounds Write",
|
|
26725
|
+
"category": "Memory Safety"
|
|
26726
|
+
},
|
|
26727
|
+
{
|
|
26728
|
+
"id": "CWE-79",
|
|
26729
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
26730
|
+
"category": "Injection"
|
|
26731
|
+
},
|
|
26732
|
+
{
|
|
26733
|
+
"id": "CWE-798",
|
|
26734
|
+
"name": "Use of Hard-coded Credentials",
|
|
26735
|
+
"category": "Credentials"
|
|
26736
|
+
},
|
|
26737
|
+
{
|
|
26738
|
+
"id": "CWE-89",
|
|
26739
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
26740
|
+
"category": "Injection"
|
|
26741
|
+
},
|
|
26742
|
+
{
|
|
26743
|
+
"id": "CWE-918",
|
|
26744
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
26745
|
+
"category": "Network"
|
|
26746
|
+
},
|
|
26747
|
+
{
|
|
26748
|
+
"id": "CWE-94",
|
|
26749
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
26750
|
+
"category": "Injection"
|
|
26751
|
+
}
|
|
26752
|
+
],
|
|
26753
|
+
"atlas": [
|
|
26754
|
+
{
|
|
26755
|
+
"id": "AML.T0010",
|
|
26756
|
+
"name": "ML Supply Chain Compromise",
|
|
26757
|
+
"tactic": "Initial Access"
|
|
26758
|
+
},
|
|
26759
|
+
{
|
|
26760
|
+
"id": "AML.T0016",
|
|
26761
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
26762
|
+
"tactic": "Resource Development"
|
|
26763
|
+
},
|
|
26764
|
+
{
|
|
26765
|
+
"id": "AML.T0017",
|
|
26766
|
+
"name": "Discover ML Model Ontology",
|
|
26767
|
+
"tactic": "Discovery"
|
|
26768
|
+
},
|
|
26769
|
+
{
|
|
26770
|
+
"id": "AML.T0018",
|
|
26771
|
+
"name": "Backdoor ML Model",
|
|
26772
|
+
"tactic": "Persistence"
|
|
26773
|
+
},
|
|
26774
|
+
{
|
|
26775
|
+
"id": "AML.T0020",
|
|
26776
|
+
"name": "Poison Training Data",
|
|
26777
|
+
"tactic": "ML Attack Staging"
|
|
26778
|
+
},
|
|
26779
|
+
{
|
|
26780
|
+
"id": "AML.T0043",
|
|
26781
|
+
"name": "Craft Adversarial Data",
|
|
26782
|
+
"tactic": "ML Attack Staging"
|
|
26783
|
+
},
|
|
26784
|
+
{
|
|
26785
|
+
"id": "AML.T0051",
|
|
26786
|
+
"name": "LLM Prompt Injection",
|
|
26787
|
+
"tactic": "Execution"
|
|
26788
|
+
},
|
|
26789
|
+
{
|
|
26790
|
+
"id": "AML.T0054",
|
|
26791
|
+
"name": "LLM Jailbreak",
|
|
26792
|
+
"tactic": "Defense Evasion"
|
|
26793
|
+
},
|
|
26794
|
+
{
|
|
26795
|
+
"id": "AML.T0096",
|
|
26796
|
+
"name": "AI API as Covert C2 Channel",
|
|
26797
|
+
"tactic": "Command and Control"
|
|
26798
|
+
}
|
|
26799
|
+
],
|
|
26800
|
+
"d3fend": [
|
|
26801
|
+
{
|
|
26802
|
+
"id": "D3-ASLR",
|
|
26803
|
+
"name": "Address Space Layout Randomization",
|
|
26804
|
+
"tactic": "Harden"
|
|
26805
|
+
},
|
|
26806
|
+
{
|
|
26807
|
+
"id": "D3-CSPP",
|
|
26808
|
+
"name": "Client-server Payload Profiling",
|
|
26809
|
+
"tactic": "Detect"
|
|
26810
|
+
},
|
|
26811
|
+
{
|
|
26812
|
+
"id": "D3-EAL",
|
|
26813
|
+
"name": "Executable Allowlisting",
|
|
26814
|
+
"tactic": "Harden"
|
|
26815
|
+
},
|
|
26816
|
+
{
|
|
26817
|
+
"id": "D3-IOPR",
|
|
26818
|
+
"name": "Input/Output Profiling Resource",
|
|
26819
|
+
"tactic": "Detect"
|
|
26820
|
+
},
|
|
26821
|
+
{
|
|
26822
|
+
"id": "D3-NTA",
|
|
26823
|
+
"name": "Network Traffic Analysis",
|
|
26824
|
+
"tactic": "Detect"
|
|
26825
|
+
},
|
|
26826
|
+
{
|
|
26827
|
+
"id": "D3-PHRA",
|
|
26828
|
+
"name": "Process Hardware Resource Access",
|
|
26829
|
+
"tactic": "Isolate"
|
|
26830
|
+
},
|
|
26831
|
+
{
|
|
26832
|
+
"id": "D3-PSEP",
|
|
26833
|
+
"name": "Process Segment Execution Prevention",
|
|
26834
|
+
"tactic": "Harden"
|
|
26835
|
+
}
|
|
26836
|
+
],
|
|
26837
|
+
"framework_gaps": [
|
|
26838
|
+
{
|
|
26839
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
26840
|
+
"framework": "ALL",
|
|
26841
|
+
"control_name": "AI Pipeline Integrity"
|
|
26842
|
+
},
|
|
26843
|
+
{
|
|
26844
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
26845
|
+
"framework": "ALL",
|
|
26846
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
26847
|
+
},
|
|
26848
|
+
{
|
|
26849
|
+
"id": "CIS-Controls-v8-Control7",
|
|
26850
|
+
"framework": "CIS Controls v8",
|
|
26851
|
+
"control_name": "Continuous Vulnerability Management"
|
|
26852
|
+
},
|
|
26853
|
+
{
|
|
26854
|
+
"id": "CMMC-2.0-Level-2",
|
|
26855
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
26856
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
26857
|
+
},
|
|
26858
|
+
{
|
|
26859
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
26860
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
26861
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
26862
|
+
},
|
|
26863
|
+
{
|
|
26864
|
+
"id": "IEC-62443-3-3",
|
|
26865
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
26866
|
+
"control_name": "System security requirements and security levels"
|
|
26867
|
+
},
|
|
26868
|
+
{
|
|
26869
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
26870
|
+
"framework": "ISO/IEC 27001:2022",
|
|
26871
|
+
"control_name": "Secure coding"
|
|
26872
|
+
},
|
|
26873
|
+
{
|
|
26874
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
26875
|
+
"framework": "ISO/IEC 27001:2022",
|
|
26876
|
+
"control_name": "Management of technical vulnerabilities"
|
|
26877
|
+
},
|
|
26878
|
+
{
|
|
26879
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
26880
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
26881
|
+
"control_name": "AI risk management process"
|
|
26882
|
+
},
|
|
26883
|
+
{
|
|
26884
|
+
"id": "NERC-CIP-007-6-R4",
|
|
26885
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
26886
|
+
"control_name": "Security event monitoring"
|
|
26887
|
+
},
|
|
26888
|
+
{
|
|
26889
|
+
"id": "NIS2-Art21-patch-management",
|
|
26890
|
+
"framework": "EU NIS2 Directive",
|
|
26891
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
26892
|
+
},
|
|
26893
|
+
{
|
|
26894
|
+
"id": "NIST-800-115",
|
|
26895
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
26896
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
26897
|
+
},
|
|
26898
|
+
{
|
|
26899
|
+
"id": "NIST-800-218-SSDF",
|
|
26900
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
26901
|
+
"control_name": "Secure Software Development Framework"
|
|
26902
|
+
},
|
|
26903
|
+
{
|
|
26904
|
+
"id": "NIST-800-53-AC-2",
|
|
26905
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26906
|
+
"control_name": "Account Management"
|
|
26907
|
+
},
|
|
26908
|
+
{
|
|
26909
|
+
"id": "NIST-800-53-SC-8",
|
|
26910
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26911
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
26912
|
+
},
|
|
26913
|
+
{
|
|
26914
|
+
"id": "NIST-800-53-SI-2",
|
|
26915
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26916
|
+
"control_name": "Flaw Remediation"
|
|
26917
|
+
},
|
|
26918
|
+
{
|
|
26919
|
+
"id": "NIST-800-53-SI-3",
|
|
26920
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
26921
|
+
"control_name": "Malicious Code Protection"
|
|
26922
|
+
},
|
|
26923
|
+
{
|
|
26924
|
+
"id": "NIST-800-82r3",
|
|
26925
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
26926
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
26927
|
+
},
|
|
26928
|
+
{
|
|
26929
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
26930
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
26931
|
+
"control_name": "Prompt Injection"
|
|
26932
|
+
},
|
|
26933
|
+
{
|
|
26934
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
26935
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
26936
|
+
"control_name": "Sensitive Information Disclosure"
|
|
26937
|
+
},
|
|
26938
|
+
{
|
|
26939
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
26940
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
26941
|
+
"control_name": "Web application penetration testing methodology"
|
|
26942
|
+
},
|
|
26943
|
+
{
|
|
26944
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
26945
|
+
"framework": "PCI DSS 4.0",
|
|
26946
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
26947
|
+
},
|
|
26948
|
+
{
|
|
26949
|
+
"id": "PTES-Pre-engagement",
|
|
26950
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
26951
|
+
"control_name": "Pre-engagement Interactions"
|
|
26952
|
+
},
|
|
26953
|
+
{
|
|
26954
|
+
"id": "SOC2-CC6-logical-access",
|
|
26955
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
26956
|
+
"control_name": "Logical and Physical Access Controls"
|
|
26957
|
+
},
|
|
26958
|
+
{
|
|
26959
|
+
"id": "SOC2-CC9-vendor-management",
|
|
26960
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
26961
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
26962
|
+
}
|
|
26963
|
+
],
|
|
26964
|
+
"attack_refs": [
|
|
26965
|
+
"T0855",
|
|
26966
|
+
"T0883",
|
|
26967
|
+
"T1059",
|
|
26968
|
+
"T1068",
|
|
26969
|
+
"T1078",
|
|
26970
|
+
"T1133",
|
|
26971
|
+
"T1190",
|
|
26972
|
+
"T1548.001",
|
|
26973
|
+
"T1566"
|
|
26974
|
+
],
|
|
26975
|
+
"rfc_refs": [
|
|
26976
|
+
"RFC-4301",
|
|
26977
|
+
"RFC-4303",
|
|
26978
|
+
"RFC-7296"
|
|
26979
|
+
]
|
|
26980
|
+
}
|
|
26981
|
+
},
|
|
26982
|
+
"CVE-2022-1471": {
|
|
26983
|
+
"name": "SnakeYAML Constructor Unsafe Deserialization RCE (ShellTorch chain)",
|
|
26984
|
+
"rwep": 29,
|
|
26985
|
+
"cvss": 9.8,
|
|
26986
|
+
"cisa_kev": false,
|
|
26987
|
+
"epss_score": null,
|
|
26988
|
+
"referencing_skills": [
|
|
26989
|
+
"kernel-lpe-triage",
|
|
26990
|
+
"ai-attack-surface",
|
|
26991
|
+
"compliance-theater",
|
|
26992
|
+
"attack-surface-pentest",
|
|
26993
|
+
"ot-ics-security",
|
|
26994
|
+
"coordinated-vuln-disclosure",
|
|
26995
|
+
"sector-energy"
|
|
26996
|
+
],
|
|
26997
|
+
"chain": {
|
|
26998
|
+
"cwes": [
|
|
26999
|
+
{
|
|
27000
|
+
"id": "CWE-1037",
|
|
27001
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
27002
|
+
"category": "Hardware / Side Channel"
|
|
27003
|
+
},
|
|
27004
|
+
{
|
|
27005
|
+
"id": "CWE-1039",
|
|
27006
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
27007
|
+
"category": "AI/ML"
|
|
27008
|
+
},
|
|
27009
|
+
{
|
|
27010
|
+
"id": "CWE-125",
|
|
27011
|
+
"name": "Out-of-bounds Read",
|
|
27012
|
+
"category": "Memory Safety"
|
|
27013
|
+
},
|
|
27014
|
+
{
|
|
27015
|
+
"id": "CWE-1357",
|
|
27016
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
27017
|
+
"category": "Supply Chain"
|
|
27018
|
+
},
|
|
27019
|
+
{
|
|
27020
|
+
"id": "CWE-1395",
|
|
27021
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
27022
|
+
"category": "Supply Chain"
|
|
27023
|
+
},
|
|
27024
|
+
{
|
|
27025
|
+
"id": "CWE-1426",
|
|
27026
|
+
"name": "Improper Validation of Generative AI Output",
|
|
27027
|
+
"category": "AI/ML"
|
|
27028
|
+
},
|
|
27029
|
+
{
|
|
27030
|
+
"id": "CWE-22",
|
|
27031
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
27032
|
+
"category": "Path/Resource"
|
|
27033
|
+
},
|
|
27034
|
+
{
|
|
27035
|
+
"id": "CWE-269",
|
|
27036
|
+
"name": "Improper Privilege Management",
|
|
27037
|
+
"category": "Authorization"
|
|
27038
|
+
},
|
|
27039
|
+
{
|
|
27040
|
+
"id": "CWE-287",
|
|
27041
|
+
"name": "Improper Authentication",
|
|
27042
|
+
"category": "Authentication"
|
|
27043
|
+
},
|
|
27044
|
+
{
|
|
27045
|
+
"id": "CWE-306",
|
|
27046
|
+
"name": "Missing Authentication for Critical Function",
|
|
27047
|
+
"category": "Authentication"
|
|
27048
|
+
},
|
|
27049
|
+
{
|
|
27050
|
+
"id": "CWE-352",
|
|
27051
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
27052
|
+
"category": "Session"
|
|
27053
|
+
},
|
|
27054
|
+
{
|
|
27055
|
+
"id": "CWE-362",
|
|
27056
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
27057
|
+
"category": "Concurrency"
|
|
27058
|
+
},
|
|
27059
|
+
{
|
|
27060
|
+
"id": "CWE-416",
|
|
27061
|
+
"name": "Use After Free",
|
|
27062
|
+
"category": "Memory Safety"
|
|
27063
|
+
},
|
|
27064
|
+
{
|
|
27065
|
+
"id": "CWE-434",
|
|
27066
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
27067
|
+
"category": "File Handling"
|
|
27068
|
+
},
|
|
27069
|
+
{
|
|
27070
|
+
"id": "CWE-672",
|
|
27071
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
27072
|
+
"category": "Memory Safety"
|
|
27073
|
+
},
|
|
27074
|
+
{
|
|
27075
|
+
"id": "CWE-732",
|
|
27076
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
27077
|
+
"category": "Authorization"
|
|
27078
|
+
},
|
|
27079
|
+
{
|
|
27080
|
+
"id": "CWE-78",
|
|
27081
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
27082
|
+
"category": "Injection"
|
|
27083
|
+
},
|
|
27084
|
+
{
|
|
27085
|
+
"id": "CWE-787",
|
|
27086
|
+
"name": "Out-of-bounds Write",
|
|
27087
|
+
"category": "Memory Safety"
|
|
27088
|
+
},
|
|
27089
|
+
{
|
|
27090
|
+
"id": "CWE-79",
|
|
27091
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
27092
|
+
"category": "Injection"
|
|
27093
|
+
},
|
|
27094
|
+
{
|
|
27095
|
+
"id": "CWE-798",
|
|
27096
|
+
"name": "Use of Hard-coded Credentials",
|
|
27097
|
+
"category": "Credentials"
|
|
27098
|
+
},
|
|
27099
|
+
{
|
|
27100
|
+
"id": "CWE-89",
|
|
27101
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
27102
|
+
"category": "Injection"
|
|
27103
|
+
},
|
|
27104
|
+
{
|
|
27105
|
+
"id": "CWE-918",
|
|
27106
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
27107
|
+
"category": "Network"
|
|
27108
|
+
},
|
|
27109
|
+
{
|
|
27110
|
+
"id": "CWE-94",
|
|
27111
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
27112
|
+
"category": "Injection"
|
|
27113
|
+
}
|
|
27114
|
+
],
|
|
27115
|
+
"atlas": [
|
|
27116
|
+
{
|
|
27117
|
+
"id": "AML.T0010",
|
|
27118
|
+
"name": "ML Supply Chain Compromise",
|
|
27119
|
+
"tactic": "Initial Access"
|
|
27120
|
+
},
|
|
27121
|
+
{
|
|
27122
|
+
"id": "AML.T0016",
|
|
27123
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
27124
|
+
"tactic": "Resource Development"
|
|
27125
|
+
},
|
|
27126
|
+
{
|
|
27127
|
+
"id": "AML.T0017",
|
|
27128
|
+
"name": "Discover ML Model Ontology",
|
|
27129
|
+
"tactic": "Discovery"
|
|
27130
|
+
},
|
|
27131
|
+
{
|
|
27132
|
+
"id": "AML.T0018",
|
|
27133
|
+
"name": "Backdoor ML Model",
|
|
27134
|
+
"tactic": "Persistence"
|
|
27135
|
+
},
|
|
27136
|
+
{
|
|
27137
|
+
"id": "AML.T0020",
|
|
27138
|
+
"name": "Poison Training Data",
|
|
27139
|
+
"tactic": "ML Attack Staging"
|
|
27140
|
+
},
|
|
27141
|
+
{
|
|
27142
|
+
"id": "AML.T0043",
|
|
27143
|
+
"name": "Craft Adversarial Data",
|
|
27144
|
+
"tactic": "ML Attack Staging"
|
|
27145
|
+
},
|
|
27146
|
+
{
|
|
27147
|
+
"id": "AML.T0051",
|
|
27148
|
+
"name": "LLM Prompt Injection",
|
|
27149
|
+
"tactic": "Execution"
|
|
27150
|
+
},
|
|
27151
|
+
{
|
|
27152
|
+
"id": "AML.T0054",
|
|
27153
|
+
"name": "LLM Jailbreak",
|
|
27154
|
+
"tactic": "Defense Evasion"
|
|
27155
|
+
},
|
|
27156
|
+
{
|
|
27157
|
+
"id": "AML.T0096",
|
|
27158
|
+
"name": "AI API as Covert C2 Channel",
|
|
27159
|
+
"tactic": "Command and Control"
|
|
27160
|
+
}
|
|
27161
|
+
],
|
|
27162
|
+
"d3fend": [
|
|
27163
|
+
{
|
|
27164
|
+
"id": "D3-ASLR",
|
|
27165
|
+
"name": "Address Space Layout Randomization",
|
|
27166
|
+
"tactic": "Harden"
|
|
27167
|
+
},
|
|
27168
|
+
{
|
|
27169
|
+
"id": "D3-CSPP",
|
|
27170
|
+
"name": "Client-server Payload Profiling",
|
|
27171
|
+
"tactic": "Detect"
|
|
27172
|
+
},
|
|
27173
|
+
{
|
|
27174
|
+
"id": "D3-EAL",
|
|
27175
|
+
"name": "Executable Allowlisting",
|
|
27176
|
+
"tactic": "Harden"
|
|
27177
|
+
},
|
|
27178
|
+
{
|
|
27179
|
+
"id": "D3-IOPR",
|
|
27180
|
+
"name": "Input/Output Profiling Resource",
|
|
27181
|
+
"tactic": "Detect"
|
|
27182
|
+
},
|
|
27183
|
+
{
|
|
27184
|
+
"id": "D3-NTA",
|
|
27185
|
+
"name": "Network Traffic Analysis",
|
|
27186
|
+
"tactic": "Detect"
|
|
27187
|
+
},
|
|
27188
|
+
{
|
|
27189
|
+
"id": "D3-PHRA",
|
|
27190
|
+
"name": "Process Hardware Resource Access",
|
|
27191
|
+
"tactic": "Isolate"
|
|
27192
|
+
},
|
|
27193
|
+
{
|
|
27194
|
+
"id": "D3-PSEP",
|
|
27195
|
+
"name": "Process Segment Execution Prevention",
|
|
27196
|
+
"tactic": "Harden"
|
|
27197
|
+
}
|
|
27198
|
+
],
|
|
27199
|
+
"framework_gaps": [
|
|
27200
|
+
{
|
|
27201
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
27202
|
+
"framework": "ALL",
|
|
27203
|
+
"control_name": "AI Pipeline Integrity"
|
|
27204
|
+
},
|
|
27205
|
+
{
|
|
27206
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
27207
|
+
"framework": "ALL",
|
|
27208
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
27209
|
+
},
|
|
27210
|
+
{
|
|
27211
|
+
"id": "CIS-Controls-v8-Control7",
|
|
27212
|
+
"framework": "CIS Controls v8",
|
|
27213
|
+
"control_name": "Continuous Vulnerability Management"
|
|
27214
|
+
},
|
|
27215
|
+
{
|
|
27216
|
+
"id": "CMMC-2.0-Level-2",
|
|
27217
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
27218
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
27219
|
+
},
|
|
27220
|
+
{
|
|
27221
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
27222
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
27223
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
27224
|
+
},
|
|
27225
|
+
{
|
|
27226
|
+
"id": "IEC-62443-3-3",
|
|
27227
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
27228
|
+
"control_name": "System security requirements and security levels"
|
|
27229
|
+
},
|
|
27230
|
+
{
|
|
27231
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
27232
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27233
|
+
"control_name": "Secure coding"
|
|
27234
|
+
},
|
|
27235
|
+
{
|
|
27236
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
27237
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27238
|
+
"control_name": "Management of technical vulnerabilities"
|
|
27239
|
+
},
|
|
27240
|
+
{
|
|
27241
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
27242
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
27243
|
+
"control_name": "AI risk management process"
|
|
27244
|
+
},
|
|
27245
|
+
{
|
|
27246
|
+
"id": "NERC-CIP-007-6-R4",
|
|
27247
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
27248
|
+
"control_name": "Security event monitoring"
|
|
27249
|
+
},
|
|
27250
|
+
{
|
|
27251
|
+
"id": "NIS2-Art21-patch-management",
|
|
27252
|
+
"framework": "EU NIS2 Directive",
|
|
27253
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
27254
|
+
},
|
|
27255
|
+
{
|
|
27256
|
+
"id": "NIST-800-115",
|
|
27257
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
27258
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
27259
|
+
},
|
|
27260
|
+
{
|
|
27261
|
+
"id": "NIST-800-218-SSDF",
|
|
27262
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
27263
|
+
"control_name": "Secure Software Development Framework"
|
|
27264
|
+
},
|
|
27265
|
+
{
|
|
27266
|
+
"id": "NIST-800-53-AC-2",
|
|
27267
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27268
|
+
"control_name": "Account Management"
|
|
27269
|
+
},
|
|
27270
|
+
{
|
|
27271
|
+
"id": "NIST-800-53-SC-8",
|
|
27272
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27273
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
27274
|
+
},
|
|
27275
|
+
{
|
|
27276
|
+
"id": "NIST-800-53-SI-2",
|
|
27277
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27278
|
+
"control_name": "Flaw Remediation"
|
|
27279
|
+
},
|
|
27280
|
+
{
|
|
27281
|
+
"id": "NIST-800-53-SI-3",
|
|
27282
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27283
|
+
"control_name": "Malicious Code Protection"
|
|
27284
|
+
},
|
|
27285
|
+
{
|
|
27286
|
+
"id": "NIST-800-82r3",
|
|
27287
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
27288
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
27289
|
+
},
|
|
27290
|
+
{
|
|
27291
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
27292
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27293
|
+
"control_name": "Prompt Injection"
|
|
27294
|
+
},
|
|
27295
|
+
{
|
|
27296
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
27297
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27298
|
+
"control_name": "Sensitive Information Disclosure"
|
|
27299
|
+
},
|
|
27300
|
+
{
|
|
27301
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
27302
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
27303
|
+
"control_name": "Web application penetration testing methodology"
|
|
27304
|
+
},
|
|
27305
|
+
{
|
|
27306
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
27307
|
+
"framework": "PCI DSS 4.0",
|
|
27308
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
27309
|
+
},
|
|
27310
|
+
{
|
|
27311
|
+
"id": "PTES-Pre-engagement",
|
|
27312
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
27313
|
+
"control_name": "Pre-engagement Interactions"
|
|
27314
|
+
},
|
|
27315
|
+
{
|
|
27316
|
+
"id": "SOC2-CC6-logical-access",
|
|
27317
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27318
|
+
"control_name": "Logical and Physical Access Controls"
|
|
27319
|
+
},
|
|
27320
|
+
{
|
|
27321
|
+
"id": "SOC2-CC9-vendor-management",
|
|
27322
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27323
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
27324
|
+
}
|
|
27325
|
+
],
|
|
27326
|
+
"attack_refs": [
|
|
27327
|
+
"T0855",
|
|
27328
|
+
"T0883",
|
|
27329
|
+
"T1059",
|
|
27330
|
+
"T1068",
|
|
27331
|
+
"T1078",
|
|
27332
|
+
"T1133",
|
|
27333
|
+
"T1190",
|
|
27334
|
+
"T1548.001",
|
|
27335
|
+
"T1566"
|
|
27336
|
+
],
|
|
27337
|
+
"rfc_refs": [
|
|
27338
|
+
"RFC-4301",
|
|
27339
|
+
"RFC-4303",
|
|
27340
|
+
"RFC-7296"
|
|
27341
|
+
]
|
|
27342
|
+
}
|
|
27343
|
+
},
|
|
27344
|
+
"CVE-2024-37032": {
|
|
27345
|
+
"name": "Ollama Model Registry Path Traversal Arbitrary File Write RCE (Probllama)",
|
|
27346
|
+
"rwep": 31,
|
|
27347
|
+
"cvss": 8.8,
|
|
27348
|
+
"cisa_kev": false,
|
|
27349
|
+
"epss_score": null,
|
|
27350
|
+
"referencing_skills": [
|
|
27351
|
+
"kernel-lpe-triage",
|
|
27352
|
+
"ai-attack-surface",
|
|
27353
|
+
"compliance-theater",
|
|
27354
|
+
"attack-surface-pentest",
|
|
27355
|
+
"ot-ics-security",
|
|
27356
|
+
"coordinated-vuln-disclosure",
|
|
27357
|
+
"sector-energy"
|
|
27358
|
+
],
|
|
27359
|
+
"chain": {
|
|
27360
|
+
"cwes": [
|
|
27361
|
+
{
|
|
27362
|
+
"id": "CWE-1037",
|
|
27363
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
27364
|
+
"category": "Hardware / Side Channel"
|
|
27365
|
+
},
|
|
27366
|
+
{
|
|
27367
|
+
"id": "CWE-1039",
|
|
27368
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
27369
|
+
"category": "AI/ML"
|
|
27370
|
+
},
|
|
27371
|
+
{
|
|
27372
|
+
"id": "CWE-125",
|
|
27373
|
+
"name": "Out-of-bounds Read",
|
|
27374
|
+
"category": "Memory Safety"
|
|
27375
|
+
},
|
|
27376
|
+
{
|
|
27377
|
+
"id": "CWE-1357",
|
|
27378
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
27379
|
+
"category": "Supply Chain"
|
|
27380
|
+
},
|
|
27381
|
+
{
|
|
27382
|
+
"id": "CWE-1395",
|
|
27383
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
27384
|
+
"category": "Supply Chain"
|
|
27385
|
+
},
|
|
27386
|
+
{
|
|
27387
|
+
"id": "CWE-1426",
|
|
27388
|
+
"name": "Improper Validation of Generative AI Output",
|
|
27389
|
+
"category": "AI/ML"
|
|
27390
|
+
},
|
|
27391
|
+
{
|
|
27392
|
+
"id": "CWE-22",
|
|
27393
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
27394
|
+
"category": "Path/Resource"
|
|
27395
|
+
},
|
|
27396
|
+
{
|
|
27397
|
+
"id": "CWE-269",
|
|
27398
|
+
"name": "Improper Privilege Management",
|
|
27399
|
+
"category": "Authorization"
|
|
27400
|
+
},
|
|
27401
|
+
{
|
|
27402
|
+
"id": "CWE-287",
|
|
27403
|
+
"name": "Improper Authentication",
|
|
27404
|
+
"category": "Authentication"
|
|
27405
|
+
},
|
|
27406
|
+
{
|
|
27407
|
+
"id": "CWE-306",
|
|
27408
|
+
"name": "Missing Authentication for Critical Function",
|
|
27409
|
+
"category": "Authentication"
|
|
27410
|
+
},
|
|
27411
|
+
{
|
|
27412
|
+
"id": "CWE-352",
|
|
27413
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
27414
|
+
"category": "Session"
|
|
27415
|
+
},
|
|
27416
|
+
{
|
|
27417
|
+
"id": "CWE-362",
|
|
27418
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
27419
|
+
"category": "Concurrency"
|
|
27420
|
+
},
|
|
27421
|
+
{
|
|
27422
|
+
"id": "CWE-416",
|
|
27423
|
+
"name": "Use After Free",
|
|
27424
|
+
"category": "Memory Safety"
|
|
27425
|
+
},
|
|
27426
|
+
{
|
|
27427
|
+
"id": "CWE-434",
|
|
27428
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
27429
|
+
"category": "File Handling"
|
|
27430
|
+
},
|
|
27431
|
+
{
|
|
27432
|
+
"id": "CWE-672",
|
|
27433
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
27434
|
+
"category": "Memory Safety"
|
|
27435
|
+
},
|
|
27436
|
+
{
|
|
27437
|
+
"id": "CWE-732",
|
|
27438
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
27439
|
+
"category": "Authorization"
|
|
27440
|
+
},
|
|
27441
|
+
{
|
|
27442
|
+
"id": "CWE-78",
|
|
27443
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
27444
|
+
"category": "Injection"
|
|
27445
|
+
},
|
|
27446
|
+
{
|
|
27447
|
+
"id": "CWE-787",
|
|
27448
|
+
"name": "Out-of-bounds Write",
|
|
27449
|
+
"category": "Memory Safety"
|
|
27450
|
+
},
|
|
27451
|
+
{
|
|
27452
|
+
"id": "CWE-79",
|
|
27453
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
27454
|
+
"category": "Injection"
|
|
27455
|
+
},
|
|
27456
|
+
{
|
|
27457
|
+
"id": "CWE-798",
|
|
27458
|
+
"name": "Use of Hard-coded Credentials",
|
|
27459
|
+
"category": "Credentials"
|
|
27460
|
+
},
|
|
27461
|
+
{
|
|
27462
|
+
"id": "CWE-89",
|
|
27463
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
27464
|
+
"category": "Injection"
|
|
27465
|
+
},
|
|
27466
|
+
{
|
|
27467
|
+
"id": "CWE-918",
|
|
27468
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
27469
|
+
"category": "Network"
|
|
27470
|
+
},
|
|
27471
|
+
{
|
|
27472
|
+
"id": "CWE-94",
|
|
27473
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
27474
|
+
"category": "Injection"
|
|
27475
|
+
}
|
|
27476
|
+
],
|
|
27477
|
+
"atlas": [
|
|
27478
|
+
{
|
|
27479
|
+
"id": "AML.T0010",
|
|
27480
|
+
"name": "ML Supply Chain Compromise",
|
|
27481
|
+
"tactic": "Initial Access"
|
|
27482
|
+
},
|
|
27483
|
+
{
|
|
27484
|
+
"id": "AML.T0016",
|
|
27485
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
27486
|
+
"tactic": "Resource Development"
|
|
27487
|
+
},
|
|
27488
|
+
{
|
|
27489
|
+
"id": "AML.T0017",
|
|
27490
|
+
"name": "Discover ML Model Ontology",
|
|
27491
|
+
"tactic": "Discovery"
|
|
27492
|
+
},
|
|
27493
|
+
{
|
|
27494
|
+
"id": "AML.T0018",
|
|
27495
|
+
"name": "Backdoor ML Model",
|
|
27496
|
+
"tactic": "Persistence"
|
|
27497
|
+
},
|
|
27498
|
+
{
|
|
27499
|
+
"id": "AML.T0020",
|
|
27500
|
+
"name": "Poison Training Data",
|
|
27501
|
+
"tactic": "ML Attack Staging"
|
|
27502
|
+
},
|
|
27503
|
+
{
|
|
27504
|
+
"id": "AML.T0043",
|
|
27505
|
+
"name": "Craft Adversarial Data",
|
|
27506
|
+
"tactic": "ML Attack Staging"
|
|
27507
|
+
},
|
|
27508
|
+
{
|
|
27509
|
+
"id": "AML.T0051",
|
|
27510
|
+
"name": "LLM Prompt Injection",
|
|
27511
|
+
"tactic": "Execution"
|
|
27512
|
+
},
|
|
27513
|
+
{
|
|
27514
|
+
"id": "AML.T0054",
|
|
27515
|
+
"name": "LLM Jailbreak",
|
|
27516
|
+
"tactic": "Defense Evasion"
|
|
27517
|
+
},
|
|
27518
|
+
{
|
|
27519
|
+
"id": "AML.T0096",
|
|
27520
|
+
"name": "AI API as Covert C2 Channel",
|
|
27521
|
+
"tactic": "Command and Control"
|
|
27522
|
+
}
|
|
27523
|
+
],
|
|
27524
|
+
"d3fend": [
|
|
27525
|
+
{
|
|
27526
|
+
"id": "D3-ASLR",
|
|
27527
|
+
"name": "Address Space Layout Randomization",
|
|
27528
|
+
"tactic": "Harden"
|
|
27529
|
+
},
|
|
27530
|
+
{
|
|
27531
|
+
"id": "D3-CSPP",
|
|
27532
|
+
"name": "Client-server Payload Profiling",
|
|
27533
|
+
"tactic": "Detect"
|
|
27534
|
+
},
|
|
27535
|
+
{
|
|
27536
|
+
"id": "D3-EAL",
|
|
27537
|
+
"name": "Executable Allowlisting",
|
|
27538
|
+
"tactic": "Harden"
|
|
27539
|
+
},
|
|
27540
|
+
{
|
|
27541
|
+
"id": "D3-IOPR",
|
|
27542
|
+
"name": "Input/Output Profiling Resource",
|
|
27543
|
+
"tactic": "Detect"
|
|
27544
|
+
},
|
|
27545
|
+
{
|
|
27546
|
+
"id": "D3-NTA",
|
|
27547
|
+
"name": "Network Traffic Analysis",
|
|
27548
|
+
"tactic": "Detect"
|
|
27549
|
+
},
|
|
27550
|
+
{
|
|
27551
|
+
"id": "D3-PHRA",
|
|
27552
|
+
"name": "Process Hardware Resource Access",
|
|
27553
|
+
"tactic": "Isolate"
|
|
27554
|
+
},
|
|
27555
|
+
{
|
|
27556
|
+
"id": "D3-PSEP",
|
|
27557
|
+
"name": "Process Segment Execution Prevention",
|
|
27558
|
+
"tactic": "Harden"
|
|
27559
|
+
}
|
|
27560
|
+
],
|
|
27561
|
+
"framework_gaps": [
|
|
27562
|
+
{
|
|
27563
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
27564
|
+
"framework": "ALL",
|
|
27565
|
+
"control_name": "AI Pipeline Integrity"
|
|
27566
|
+
},
|
|
27567
|
+
{
|
|
27568
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
27569
|
+
"framework": "ALL",
|
|
27570
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
27571
|
+
},
|
|
27572
|
+
{
|
|
27573
|
+
"id": "CIS-Controls-v8-Control7",
|
|
27574
|
+
"framework": "CIS Controls v8",
|
|
27575
|
+
"control_name": "Continuous Vulnerability Management"
|
|
27576
|
+
},
|
|
27577
|
+
{
|
|
27578
|
+
"id": "CMMC-2.0-Level-2",
|
|
27579
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
27580
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
27581
|
+
},
|
|
27582
|
+
{
|
|
27583
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
27584
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
27585
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
27586
|
+
},
|
|
27587
|
+
{
|
|
27588
|
+
"id": "IEC-62443-3-3",
|
|
27589
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
27590
|
+
"control_name": "System security requirements and security levels"
|
|
27591
|
+
},
|
|
27592
|
+
{
|
|
27593
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
27594
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27595
|
+
"control_name": "Secure coding"
|
|
27596
|
+
},
|
|
27597
|
+
{
|
|
27598
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
27599
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27600
|
+
"control_name": "Management of technical vulnerabilities"
|
|
27601
|
+
},
|
|
27602
|
+
{
|
|
27603
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
27604
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
27605
|
+
"control_name": "AI risk management process"
|
|
27606
|
+
},
|
|
27607
|
+
{
|
|
27608
|
+
"id": "NERC-CIP-007-6-R4",
|
|
27609
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
27610
|
+
"control_name": "Security event monitoring"
|
|
27611
|
+
},
|
|
27612
|
+
{
|
|
27613
|
+
"id": "NIS2-Art21-patch-management",
|
|
27614
|
+
"framework": "EU NIS2 Directive",
|
|
27615
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
27616
|
+
},
|
|
27617
|
+
{
|
|
27618
|
+
"id": "NIST-800-115",
|
|
27619
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
27620
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
27621
|
+
},
|
|
27622
|
+
{
|
|
27623
|
+
"id": "NIST-800-218-SSDF",
|
|
27624
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
27625
|
+
"control_name": "Secure Software Development Framework"
|
|
27626
|
+
},
|
|
27627
|
+
{
|
|
27628
|
+
"id": "NIST-800-53-AC-2",
|
|
27629
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27630
|
+
"control_name": "Account Management"
|
|
27631
|
+
},
|
|
27632
|
+
{
|
|
27633
|
+
"id": "NIST-800-53-SC-8",
|
|
27634
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27635
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
27636
|
+
},
|
|
27637
|
+
{
|
|
27638
|
+
"id": "NIST-800-53-SI-2",
|
|
27639
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27640
|
+
"control_name": "Flaw Remediation"
|
|
27641
|
+
},
|
|
27642
|
+
{
|
|
27643
|
+
"id": "NIST-800-53-SI-3",
|
|
27644
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27645
|
+
"control_name": "Malicious Code Protection"
|
|
27646
|
+
},
|
|
27647
|
+
{
|
|
27648
|
+
"id": "NIST-800-82r3",
|
|
27649
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
27650
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
27651
|
+
},
|
|
27652
|
+
{
|
|
27653
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
27654
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27655
|
+
"control_name": "Prompt Injection"
|
|
27656
|
+
},
|
|
27657
|
+
{
|
|
27658
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
27659
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27660
|
+
"control_name": "Sensitive Information Disclosure"
|
|
27661
|
+
},
|
|
27662
|
+
{
|
|
27663
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
27664
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
27665
|
+
"control_name": "Web application penetration testing methodology"
|
|
27666
|
+
},
|
|
27667
|
+
{
|
|
27668
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
27669
|
+
"framework": "PCI DSS 4.0",
|
|
27670
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
27671
|
+
},
|
|
27672
|
+
{
|
|
27673
|
+
"id": "PTES-Pre-engagement",
|
|
27674
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
27675
|
+
"control_name": "Pre-engagement Interactions"
|
|
27676
|
+
},
|
|
27677
|
+
{
|
|
27678
|
+
"id": "SOC2-CC6-logical-access",
|
|
27679
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27680
|
+
"control_name": "Logical and Physical Access Controls"
|
|
27681
|
+
},
|
|
27682
|
+
{
|
|
27683
|
+
"id": "SOC2-CC9-vendor-management",
|
|
27684
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27685
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
27686
|
+
}
|
|
27687
|
+
],
|
|
27688
|
+
"attack_refs": [
|
|
27689
|
+
"T0855",
|
|
27690
|
+
"T0883",
|
|
27691
|
+
"T1059",
|
|
27692
|
+
"T1068",
|
|
27693
|
+
"T1078",
|
|
27694
|
+
"T1133",
|
|
27695
|
+
"T1190",
|
|
27696
|
+
"T1548.001",
|
|
27697
|
+
"T1566"
|
|
27698
|
+
],
|
|
27699
|
+
"rfc_refs": [
|
|
27700
|
+
"RFC-4301",
|
|
27701
|
+
"RFC-4303",
|
|
27702
|
+
"RFC-7296"
|
|
27703
|
+
]
|
|
27704
|
+
}
|
|
27705
|
+
},
|
|
27706
|
+
"CVE-2024-39722": {
|
|
27707
|
+
"name": "Ollama api/push Path Traversal File-Existence Disclosure",
|
|
27708
|
+
"rwep": 27,
|
|
27709
|
+
"cvss": 7.5,
|
|
27710
|
+
"cisa_kev": false,
|
|
27711
|
+
"epss_score": null,
|
|
27712
|
+
"referencing_skills": [
|
|
27713
|
+
"kernel-lpe-triage",
|
|
27714
|
+
"ai-attack-surface",
|
|
27715
|
+
"compliance-theater",
|
|
27716
|
+
"attack-surface-pentest",
|
|
27717
|
+
"ot-ics-security",
|
|
27718
|
+
"coordinated-vuln-disclosure",
|
|
27719
|
+
"sector-energy"
|
|
27720
|
+
],
|
|
27721
|
+
"chain": {
|
|
27722
|
+
"cwes": [
|
|
27723
|
+
{
|
|
27724
|
+
"id": "CWE-1037",
|
|
27725
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
27726
|
+
"category": "Hardware / Side Channel"
|
|
27727
|
+
},
|
|
27728
|
+
{
|
|
27729
|
+
"id": "CWE-1039",
|
|
27730
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
27731
|
+
"category": "AI/ML"
|
|
27732
|
+
},
|
|
27733
|
+
{
|
|
27734
|
+
"id": "CWE-125",
|
|
27735
|
+
"name": "Out-of-bounds Read",
|
|
27736
|
+
"category": "Memory Safety"
|
|
27737
|
+
},
|
|
27738
|
+
{
|
|
27739
|
+
"id": "CWE-1357",
|
|
27740
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
27741
|
+
"category": "Supply Chain"
|
|
27742
|
+
},
|
|
27743
|
+
{
|
|
27744
|
+
"id": "CWE-1395",
|
|
27745
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
27746
|
+
"category": "Supply Chain"
|
|
27747
|
+
},
|
|
27748
|
+
{
|
|
27749
|
+
"id": "CWE-1426",
|
|
27750
|
+
"name": "Improper Validation of Generative AI Output",
|
|
27751
|
+
"category": "AI/ML"
|
|
27752
|
+
},
|
|
27753
|
+
{
|
|
27754
|
+
"id": "CWE-22",
|
|
27755
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
27756
|
+
"category": "Path/Resource"
|
|
27757
|
+
},
|
|
27758
|
+
{
|
|
27759
|
+
"id": "CWE-269",
|
|
27760
|
+
"name": "Improper Privilege Management",
|
|
27761
|
+
"category": "Authorization"
|
|
27762
|
+
},
|
|
27763
|
+
{
|
|
27764
|
+
"id": "CWE-287",
|
|
27765
|
+
"name": "Improper Authentication",
|
|
27766
|
+
"category": "Authentication"
|
|
27767
|
+
},
|
|
27768
|
+
{
|
|
27769
|
+
"id": "CWE-306",
|
|
27770
|
+
"name": "Missing Authentication for Critical Function",
|
|
27771
|
+
"category": "Authentication"
|
|
27772
|
+
},
|
|
27773
|
+
{
|
|
27774
|
+
"id": "CWE-352",
|
|
27775
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
27776
|
+
"category": "Session"
|
|
27777
|
+
},
|
|
27778
|
+
{
|
|
27779
|
+
"id": "CWE-362",
|
|
27780
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
27781
|
+
"category": "Concurrency"
|
|
27782
|
+
},
|
|
27783
|
+
{
|
|
27784
|
+
"id": "CWE-416",
|
|
27785
|
+
"name": "Use After Free",
|
|
27786
|
+
"category": "Memory Safety"
|
|
27787
|
+
},
|
|
27788
|
+
{
|
|
27789
|
+
"id": "CWE-434",
|
|
27790
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
27791
|
+
"category": "File Handling"
|
|
27792
|
+
},
|
|
27793
|
+
{
|
|
27794
|
+
"id": "CWE-672",
|
|
27795
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
27796
|
+
"category": "Memory Safety"
|
|
27797
|
+
},
|
|
27798
|
+
{
|
|
27799
|
+
"id": "CWE-732",
|
|
27800
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
27801
|
+
"category": "Authorization"
|
|
27802
|
+
},
|
|
27803
|
+
{
|
|
27804
|
+
"id": "CWE-78",
|
|
27805
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
27806
|
+
"category": "Injection"
|
|
27807
|
+
},
|
|
27808
|
+
{
|
|
27809
|
+
"id": "CWE-787",
|
|
27810
|
+
"name": "Out-of-bounds Write",
|
|
27811
|
+
"category": "Memory Safety"
|
|
27812
|
+
},
|
|
27813
|
+
{
|
|
27814
|
+
"id": "CWE-79",
|
|
27815
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
27816
|
+
"category": "Injection"
|
|
27817
|
+
},
|
|
27818
|
+
{
|
|
27819
|
+
"id": "CWE-798",
|
|
27820
|
+
"name": "Use of Hard-coded Credentials",
|
|
27821
|
+
"category": "Credentials"
|
|
27822
|
+
},
|
|
27823
|
+
{
|
|
27824
|
+
"id": "CWE-89",
|
|
27825
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
27826
|
+
"category": "Injection"
|
|
27827
|
+
},
|
|
27828
|
+
{
|
|
27829
|
+
"id": "CWE-918",
|
|
27830
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
27831
|
+
"category": "Network"
|
|
27832
|
+
},
|
|
27833
|
+
{
|
|
27834
|
+
"id": "CWE-94",
|
|
27835
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
27836
|
+
"category": "Injection"
|
|
27837
|
+
}
|
|
27838
|
+
],
|
|
27839
|
+
"atlas": [
|
|
27840
|
+
{
|
|
27841
|
+
"id": "AML.T0010",
|
|
27842
|
+
"name": "ML Supply Chain Compromise",
|
|
27843
|
+
"tactic": "Initial Access"
|
|
27844
|
+
},
|
|
27845
|
+
{
|
|
27846
|
+
"id": "AML.T0016",
|
|
27847
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
27848
|
+
"tactic": "Resource Development"
|
|
27849
|
+
},
|
|
27850
|
+
{
|
|
27851
|
+
"id": "AML.T0017",
|
|
27852
|
+
"name": "Discover ML Model Ontology",
|
|
27853
|
+
"tactic": "Discovery"
|
|
27854
|
+
},
|
|
27855
|
+
{
|
|
27856
|
+
"id": "AML.T0018",
|
|
27857
|
+
"name": "Backdoor ML Model",
|
|
27858
|
+
"tactic": "Persistence"
|
|
27859
|
+
},
|
|
27860
|
+
{
|
|
27861
|
+
"id": "AML.T0020",
|
|
27862
|
+
"name": "Poison Training Data",
|
|
27863
|
+
"tactic": "ML Attack Staging"
|
|
27864
|
+
},
|
|
27865
|
+
{
|
|
27866
|
+
"id": "AML.T0043",
|
|
27867
|
+
"name": "Craft Adversarial Data",
|
|
27868
|
+
"tactic": "ML Attack Staging"
|
|
27869
|
+
},
|
|
27870
|
+
{
|
|
27871
|
+
"id": "AML.T0051",
|
|
27872
|
+
"name": "LLM Prompt Injection",
|
|
27873
|
+
"tactic": "Execution"
|
|
27874
|
+
},
|
|
27875
|
+
{
|
|
27876
|
+
"id": "AML.T0054",
|
|
27877
|
+
"name": "LLM Jailbreak",
|
|
27878
|
+
"tactic": "Defense Evasion"
|
|
27879
|
+
},
|
|
27880
|
+
{
|
|
27881
|
+
"id": "AML.T0096",
|
|
27882
|
+
"name": "AI API as Covert C2 Channel",
|
|
27883
|
+
"tactic": "Command and Control"
|
|
27884
|
+
}
|
|
27885
|
+
],
|
|
27886
|
+
"d3fend": [
|
|
27887
|
+
{
|
|
27888
|
+
"id": "D3-ASLR",
|
|
27889
|
+
"name": "Address Space Layout Randomization",
|
|
27890
|
+
"tactic": "Harden"
|
|
27891
|
+
},
|
|
27892
|
+
{
|
|
27893
|
+
"id": "D3-CSPP",
|
|
27894
|
+
"name": "Client-server Payload Profiling",
|
|
27895
|
+
"tactic": "Detect"
|
|
27896
|
+
},
|
|
27897
|
+
{
|
|
27898
|
+
"id": "D3-EAL",
|
|
27899
|
+
"name": "Executable Allowlisting",
|
|
27900
|
+
"tactic": "Harden"
|
|
27901
|
+
},
|
|
27902
|
+
{
|
|
27903
|
+
"id": "D3-IOPR",
|
|
27904
|
+
"name": "Input/Output Profiling Resource",
|
|
27905
|
+
"tactic": "Detect"
|
|
27906
|
+
},
|
|
27907
|
+
{
|
|
27908
|
+
"id": "D3-NTA",
|
|
27909
|
+
"name": "Network Traffic Analysis",
|
|
27910
|
+
"tactic": "Detect"
|
|
27911
|
+
},
|
|
27912
|
+
{
|
|
27913
|
+
"id": "D3-PHRA",
|
|
27914
|
+
"name": "Process Hardware Resource Access",
|
|
27915
|
+
"tactic": "Isolate"
|
|
27916
|
+
},
|
|
27917
|
+
{
|
|
27918
|
+
"id": "D3-PSEP",
|
|
27919
|
+
"name": "Process Segment Execution Prevention",
|
|
27920
|
+
"tactic": "Harden"
|
|
27921
|
+
}
|
|
27922
|
+
],
|
|
27923
|
+
"framework_gaps": [
|
|
27924
|
+
{
|
|
27925
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
27926
|
+
"framework": "ALL",
|
|
27927
|
+
"control_name": "AI Pipeline Integrity"
|
|
27928
|
+
},
|
|
27929
|
+
{
|
|
27930
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
27931
|
+
"framework": "ALL",
|
|
27932
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
27933
|
+
},
|
|
27934
|
+
{
|
|
27935
|
+
"id": "CIS-Controls-v8-Control7",
|
|
27936
|
+
"framework": "CIS Controls v8",
|
|
27937
|
+
"control_name": "Continuous Vulnerability Management"
|
|
27938
|
+
},
|
|
27939
|
+
{
|
|
27940
|
+
"id": "CMMC-2.0-Level-2",
|
|
27941
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
27942
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
27943
|
+
},
|
|
27944
|
+
{
|
|
27945
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
27946
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
27947
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
27948
|
+
},
|
|
27949
|
+
{
|
|
27950
|
+
"id": "IEC-62443-3-3",
|
|
27951
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
27952
|
+
"control_name": "System security requirements and security levels"
|
|
27953
|
+
},
|
|
27954
|
+
{
|
|
27955
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
27956
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27957
|
+
"control_name": "Secure coding"
|
|
27958
|
+
},
|
|
27959
|
+
{
|
|
27960
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
27961
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27962
|
+
"control_name": "Management of technical vulnerabilities"
|
|
27963
|
+
},
|
|
27964
|
+
{
|
|
27965
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
27966
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
27967
|
+
"control_name": "AI risk management process"
|
|
27968
|
+
},
|
|
27969
|
+
{
|
|
27970
|
+
"id": "NERC-CIP-007-6-R4",
|
|
27971
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
27972
|
+
"control_name": "Security event monitoring"
|
|
27973
|
+
},
|
|
27974
|
+
{
|
|
27975
|
+
"id": "NIS2-Art21-patch-management",
|
|
27976
|
+
"framework": "EU NIS2 Directive",
|
|
27977
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
27978
|
+
},
|
|
27979
|
+
{
|
|
27980
|
+
"id": "NIST-800-115",
|
|
27981
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
27982
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
27983
|
+
},
|
|
27984
|
+
{
|
|
27985
|
+
"id": "NIST-800-218-SSDF",
|
|
27986
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
27987
|
+
"control_name": "Secure Software Development Framework"
|
|
27988
|
+
},
|
|
27989
|
+
{
|
|
27990
|
+
"id": "NIST-800-53-AC-2",
|
|
27991
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27992
|
+
"control_name": "Account Management"
|
|
27993
|
+
},
|
|
27994
|
+
{
|
|
27995
|
+
"id": "NIST-800-53-SC-8",
|
|
27996
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27997
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
27998
|
+
},
|
|
27999
|
+
{
|
|
28000
|
+
"id": "NIST-800-53-SI-2",
|
|
28001
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28002
|
+
"control_name": "Flaw Remediation"
|
|
28003
|
+
},
|
|
28004
|
+
{
|
|
28005
|
+
"id": "NIST-800-53-SI-3",
|
|
28006
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28007
|
+
"control_name": "Malicious Code Protection"
|
|
28008
|
+
},
|
|
28009
|
+
{
|
|
28010
|
+
"id": "NIST-800-82r3",
|
|
28011
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
28012
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
28013
|
+
},
|
|
28014
|
+
{
|
|
28015
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
28016
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28017
|
+
"control_name": "Prompt Injection"
|
|
28018
|
+
},
|
|
28019
|
+
{
|
|
28020
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
28021
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28022
|
+
"control_name": "Sensitive Information Disclosure"
|
|
28023
|
+
},
|
|
28024
|
+
{
|
|
28025
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
28026
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
28027
|
+
"control_name": "Web application penetration testing methodology"
|
|
28028
|
+
},
|
|
28029
|
+
{
|
|
28030
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
28031
|
+
"framework": "PCI DSS 4.0",
|
|
28032
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
28033
|
+
},
|
|
28034
|
+
{
|
|
28035
|
+
"id": "PTES-Pre-engagement",
|
|
28036
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
28037
|
+
"control_name": "Pre-engagement Interactions"
|
|
28038
|
+
},
|
|
28039
|
+
{
|
|
28040
|
+
"id": "SOC2-CC6-logical-access",
|
|
28041
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28042
|
+
"control_name": "Logical and Physical Access Controls"
|
|
28043
|
+
},
|
|
28044
|
+
{
|
|
28045
|
+
"id": "SOC2-CC9-vendor-management",
|
|
28046
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28047
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
28048
|
+
}
|
|
28049
|
+
],
|
|
28050
|
+
"attack_refs": [
|
|
28051
|
+
"T0855",
|
|
28052
|
+
"T0883",
|
|
28053
|
+
"T1059",
|
|
28054
|
+
"T1068",
|
|
28055
|
+
"T1078",
|
|
28056
|
+
"T1133",
|
|
28057
|
+
"T1190",
|
|
28058
|
+
"T1548.001",
|
|
28059
|
+
"T1566"
|
|
28060
|
+
],
|
|
28061
|
+
"rfc_refs": [
|
|
28062
|
+
"RFC-4301",
|
|
28063
|
+
"RFC-4303",
|
|
28064
|
+
"RFC-7296"
|
|
28065
|
+
]
|
|
28066
|
+
}
|
|
28067
|
+
},
|
|
26620
28068
|
"CVE-2026-41091": {
|
|
26621
28069
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
26622
28070
|
"rwep": 45,
|
|
@@ -52992,11 +54440,15 @@
|
|
|
52992
54440
|
},
|
|
52993
54441
|
"related_cves": [
|
|
52994
54442
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
54443
|
+
"CVE-2022-1471",
|
|
52995
54444
|
"CVE-2023-43472",
|
|
54445
|
+
"CVE-2023-43654",
|
|
52996
54446
|
"CVE-2023-48022",
|
|
52997
54447
|
"CVE-2024-0132",
|
|
52998
54448
|
"CVE-2024-3094",
|
|
52999
54449
|
"CVE-2024-3154",
|
|
54450
|
+
"CVE-2024-37032",
|
|
54451
|
+
"CVE-2024-39722",
|
|
53000
54452
|
"CVE-2024-42478",
|
|
53001
54453
|
"CVE-2024-42479",
|
|
53002
54454
|
"CVE-2024-50050",
|
|
@@ -53368,9 +54820,13 @@
|
|
|
53368
54820
|
]
|
|
53369
54821
|
},
|
|
53370
54822
|
"related_cves": [
|
|
54823
|
+
"CVE-2022-1471",
|
|
53371
54824
|
"CVE-2023-43472",
|
|
54825
|
+
"CVE-2023-43654",
|
|
53372
54826
|
"CVE-2023-48022",
|
|
53373
54827
|
"CVE-2024-0132",
|
|
54828
|
+
"CVE-2024-37032",
|
|
54829
|
+
"CVE-2024-39722",
|
|
53374
54830
|
"CVE-2024-42478",
|
|
53375
54831
|
"CVE-2024-42479",
|
|
53376
54832
|
"CVE-2024-50050",
|
|
@@ -53535,9 +54991,13 @@
|
|
|
53535
54991
|
]
|
|
53536
54992
|
},
|
|
53537
54993
|
"related_cves": [
|
|
54994
|
+
"CVE-2022-1471",
|
|
53538
54995
|
"CVE-2023-43472",
|
|
54996
|
+
"CVE-2023-43654",
|
|
53539
54997
|
"CVE-2023-48022",
|
|
53540
54998
|
"CVE-2024-0132",
|
|
54999
|
+
"CVE-2024-37032",
|
|
55000
|
+
"CVE-2024-39722",
|
|
53541
55001
|
"CVE-2024-42478",
|
|
53542
55002
|
"CVE-2024-42479",
|
|
53543
55003
|
"CVE-2024-50050",
|
|
@@ -53716,9 +55176,13 @@
|
|
|
53716
55176
|
]
|
|
53717
55177
|
},
|
|
53718
55178
|
"related_cves": [
|
|
55179
|
+
"CVE-2022-1471",
|
|
53719
55180
|
"CVE-2023-43472",
|
|
55181
|
+
"CVE-2023-43654",
|
|
53720
55182
|
"CVE-2023-48022",
|
|
53721
55183
|
"CVE-2024-0132",
|
|
55184
|
+
"CVE-2024-37032",
|
|
55185
|
+
"CVE-2024-39722",
|
|
53722
55186
|
"CVE-2024-42478",
|
|
53723
55187
|
"CVE-2024-42479",
|
|
53724
55188
|
"CVE-2024-50050",
|
|
@@ -54001,11 +55465,15 @@
|
|
|
54001
55465
|
"related_cves": [
|
|
54002
55466
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
54003
55467
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
55468
|
+
"CVE-2022-1471",
|
|
54004
55469
|
"CVE-2023-43472",
|
|
55470
|
+
"CVE-2023-43654",
|
|
54005
55471
|
"CVE-2023-48022",
|
|
54006
55472
|
"CVE-2024-0132",
|
|
54007
55473
|
"CVE-2024-3094",
|
|
54008
55474
|
"CVE-2024-3154",
|
|
55475
|
+
"CVE-2024-37032",
|
|
55476
|
+
"CVE-2024-39722",
|
|
54009
55477
|
"CVE-2024-42478",
|
|
54010
55478
|
"CVE-2024-42479",
|
|
54011
55479
|
"CVE-2024-50050",
|
|
@@ -54226,6 +55694,7 @@
|
|
|
54226
55694
|
"CVE-2021-39935",
|
|
54227
55695
|
"CVE-2021-43226",
|
|
54228
55696
|
"CVE-2021-43798",
|
|
55697
|
+
"CVE-2022-1471",
|
|
54229
55698
|
"CVE-2022-20775",
|
|
54230
55699
|
"CVE-2022-37055",
|
|
54231
55700
|
"CVE-2022-40799",
|
|
@@ -54241,6 +55710,7 @@
|
|
|
54241
55710
|
"CVE-2023-39780",
|
|
54242
55711
|
"CVE-2023-41974",
|
|
54243
55712
|
"CVE-2023-43000",
|
|
55713
|
+
"CVE-2023-43654",
|
|
54244
55714
|
"CVE-2023-48022",
|
|
54245
55715
|
"CVE-2023-50224",
|
|
54246
55716
|
"CVE-2023-52163",
|
|
@@ -54252,7 +55722,9 @@
|
|
|
54252
55722
|
"CVE-2024-21762",
|
|
54253
55723
|
"CVE-2024-27199",
|
|
54254
55724
|
"CVE-2024-27443",
|
|
55725
|
+
"CVE-2024-37032",
|
|
54255
55726
|
"CVE-2024-37079",
|
|
55727
|
+
"CVE-2024-39722",
|
|
54256
55728
|
"CVE-2024-42009",
|
|
54257
55729
|
"CVE-2024-42478",
|
|
54258
55730
|
"CVE-2024-42479",
|
|
@@ -55065,11 +56537,15 @@
|
|
|
55065
56537
|
},
|
|
55066
56538
|
"related_cves": [
|
|
55067
56539
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
56540
|
+
"CVE-2022-1471",
|
|
55068
56541
|
"CVE-2023-43472",
|
|
56542
|
+
"CVE-2023-43654",
|
|
55069
56543
|
"CVE-2023-48022",
|
|
55070
56544
|
"CVE-2024-0132",
|
|
55071
56545
|
"CVE-2024-3094",
|
|
55072
56546
|
"CVE-2024-3154",
|
|
56547
|
+
"CVE-2024-37032",
|
|
56548
|
+
"CVE-2024-39722",
|
|
55073
56549
|
"CVE-2024-42478",
|
|
55074
56550
|
"CVE-2024-42479",
|
|
55075
56551
|
"CVE-2024-50050",
|
|
@@ -55671,11 +57147,15 @@
|
|
|
55671
57147
|
},
|
|
55672
57148
|
"related_cves": [
|
|
55673
57149
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
57150
|
+
"CVE-2022-1471",
|
|
55674
57151
|
"CVE-2023-43472",
|
|
57152
|
+
"CVE-2023-43654",
|
|
55675
57153
|
"CVE-2023-48022",
|
|
55676
57154
|
"CVE-2024-0132",
|
|
55677
57155
|
"CVE-2024-3094",
|
|
55678
57156
|
"CVE-2024-3154",
|
|
57157
|
+
"CVE-2024-37032",
|
|
57158
|
+
"CVE-2024-39722",
|
|
55679
57159
|
"CVE-2024-42478",
|
|
55680
57160
|
"CVE-2024-42479",
|
|
55681
57161
|
"CVE-2024-50050",
|
|
@@ -55916,9 +57396,13 @@
|
|
|
55916
57396
|
]
|
|
55917
57397
|
},
|
|
55918
57398
|
"related_cves": [
|
|
57399
|
+
"CVE-2022-1471",
|
|
57400
|
+
"CVE-2023-43654",
|
|
55919
57401
|
"CVE-2023-48022",
|
|
55920
57402
|
"CVE-2024-0132",
|
|
55921
57403
|
"CVE-2024-3094",
|
|
57404
|
+
"CVE-2024-37032",
|
|
57405
|
+
"CVE-2024-39722",
|
|
55922
57406
|
"CVE-2024-42478",
|
|
55923
57407
|
"CVE-2024-42479",
|
|
55924
57408
|
"CVE-2024-50050",
|
|
@@ -56585,11 +58069,15 @@
|
|
|
56585
58069
|
},
|
|
56586
58070
|
"related_cves": [
|
|
56587
58071
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
58072
|
+
"CVE-2022-1471",
|
|
56588
58073
|
"CVE-2023-43472",
|
|
58074
|
+
"CVE-2023-43654",
|
|
56589
58075
|
"CVE-2023-48022",
|
|
56590
58076
|
"CVE-2024-0132",
|
|
56591
58077
|
"CVE-2024-3094",
|
|
56592
58078
|
"CVE-2024-3154",
|
|
58079
|
+
"CVE-2024-37032",
|
|
58080
|
+
"CVE-2024-39722",
|
|
56593
58081
|
"CVE-2024-42478",
|
|
56594
58082
|
"CVE-2024-42479",
|
|
56595
58083
|
"CVE-2024-50050",
|
|
@@ -56817,6 +58305,7 @@
|
|
|
56817
58305
|
"CVE-2021-39935",
|
|
56818
58306
|
"CVE-2021-43226",
|
|
56819
58307
|
"CVE-2021-43798",
|
|
58308
|
+
"CVE-2022-1471",
|
|
56820
58309
|
"CVE-2022-20775",
|
|
56821
58310
|
"CVE-2022-37055",
|
|
56822
58311
|
"CVE-2022-40799",
|
|
@@ -56832,6 +58321,7 @@
|
|
|
56832
58321
|
"CVE-2023-39780",
|
|
56833
58322
|
"CVE-2023-41974",
|
|
56834
58323
|
"CVE-2023-43000",
|
|
58324
|
+
"CVE-2023-43654",
|
|
56835
58325
|
"CVE-2023-48022",
|
|
56836
58326
|
"CVE-2023-50224",
|
|
56837
58327
|
"CVE-2023-52163",
|
|
@@ -56843,7 +58333,9 @@
|
|
|
56843
58333
|
"CVE-2024-21762",
|
|
56844
58334
|
"CVE-2024-27199",
|
|
56845
58335
|
"CVE-2024-27443",
|
|
58336
|
+
"CVE-2024-37032",
|
|
56846
58337
|
"CVE-2024-37079",
|
|
58338
|
+
"CVE-2024-39722",
|
|
56847
58339
|
"CVE-2024-42009",
|
|
56848
58340
|
"CVE-2024-42478",
|
|
56849
58341
|
"CVE-2024-42479",
|
|
@@ -57244,6 +58736,7 @@
|
|
|
57244
58736
|
"CVE-2021-39935",
|
|
57245
58737
|
"CVE-2021-43226",
|
|
57246
58738
|
"CVE-2021-43798",
|
|
58739
|
+
"CVE-2022-1471",
|
|
57247
58740
|
"CVE-2022-20775",
|
|
57248
58741
|
"CVE-2022-37055",
|
|
57249
58742
|
"CVE-2022-40799",
|
|
@@ -57259,6 +58752,7 @@
|
|
|
57259
58752
|
"CVE-2023-39780",
|
|
57260
58753
|
"CVE-2023-41974",
|
|
57261
58754
|
"CVE-2023-43000",
|
|
58755
|
+
"CVE-2023-43654",
|
|
57262
58756
|
"CVE-2023-48022",
|
|
57263
58757
|
"CVE-2023-50224",
|
|
57264
58758
|
"CVE-2023-52163",
|
|
@@ -57270,7 +58764,9 @@
|
|
|
57270
58764
|
"CVE-2024-21762",
|
|
57271
58765
|
"CVE-2024-27199",
|
|
57272
58766
|
"CVE-2024-27443",
|
|
58767
|
+
"CVE-2024-37032",
|
|
57273
58768
|
"CVE-2024-37079",
|
|
58769
|
+
"CVE-2024-39722",
|
|
57274
58770
|
"CVE-2024-42009",
|
|
57275
58771
|
"CVE-2024-42478",
|
|
57276
58772
|
"CVE-2024-42479",
|
|
@@ -57718,11 +59214,15 @@
|
|
|
57718
59214
|
},
|
|
57719
59215
|
"related_cves": [
|
|
57720
59216
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
59217
|
+
"CVE-2022-1471",
|
|
57721
59218
|
"CVE-2023-43472",
|
|
59219
|
+
"CVE-2023-43654",
|
|
57722
59220
|
"CVE-2023-48022",
|
|
57723
59221
|
"CVE-2024-0132",
|
|
57724
59222
|
"CVE-2024-3094",
|
|
57725
59223
|
"CVE-2024-3154",
|
|
59224
|
+
"CVE-2024-37032",
|
|
59225
|
+
"CVE-2024-39722",
|
|
57726
59226
|
"CVE-2024-42478",
|
|
57727
59227
|
"CVE-2024-42479",
|
|
57728
59228
|
"CVE-2024-50050",
|
|
@@ -58502,6 +60002,7 @@
|
|
|
58502
60002
|
"CVE-2021-39935",
|
|
58503
60003
|
"CVE-2021-43226",
|
|
58504
60004
|
"CVE-2021-43798",
|
|
60005
|
+
"CVE-2022-1471",
|
|
58505
60006
|
"CVE-2022-20775",
|
|
58506
60007
|
"CVE-2022-37055",
|
|
58507
60008
|
"CVE-2022-40799",
|
|
@@ -58517,6 +60018,7 @@
|
|
|
58517
60018
|
"CVE-2023-39780",
|
|
58518
60019
|
"CVE-2023-41974",
|
|
58519
60020
|
"CVE-2023-43000",
|
|
60021
|
+
"CVE-2023-43654",
|
|
58520
60022
|
"CVE-2023-48022",
|
|
58521
60023
|
"CVE-2023-50224",
|
|
58522
60024
|
"CVE-2023-52163",
|
|
@@ -58528,7 +60030,9 @@
|
|
|
58528
60030
|
"CVE-2024-21762",
|
|
58529
60031
|
"CVE-2024-27199",
|
|
58530
60032
|
"CVE-2024-27443",
|
|
60033
|
+
"CVE-2024-37032",
|
|
58531
60034
|
"CVE-2024-37079",
|
|
60035
|
+
"CVE-2024-39722",
|
|
58532
60036
|
"CVE-2024-42009",
|
|
58533
60037
|
"CVE-2024-42478",
|
|
58534
60038
|
"CVE-2024-42479",
|
|
@@ -59040,11 +60544,15 @@
|
|
|
59040
60544
|
},
|
|
59041
60545
|
"related_cves": [
|
|
59042
60546
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
60547
|
+
"CVE-2022-1471",
|
|
59043
60548
|
"CVE-2023-43472",
|
|
60549
|
+
"CVE-2023-43654",
|
|
59044
60550
|
"CVE-2023-48022",
|
|
59045
60551
|
"CVE-2024-0132",
|
|
59046
60552
|
"CVE-2024-3094",
|
|
59047
60553
|
"CVE-2024-3154",
|
|
60554
|
+
"CVE-2024-37032",
|
|
60555
|
+
"CVE-2024-39722",
|
|
59048
60556
|
"CVE-2024-42478",
|
|
59049
60557
|
"CVE-2024-42479",
|
|
59050
60558
|
"CVE-2024-50050",
|
|
@@ -59349,6 +60857,7 @@
|
|
|
59349
60857
|
"CVE-2021-39935",
|
|
59350
60858
|
"CVE-2021-43226",
|
|
59351
60859
|
"CVE-2021-43798",
|
|
60860
|
+
"CVE-2022-1471",
|
|
59352
60861
|
"CVE-2022-20775",
|
|
59353
60862
|
"CVE-2022-37055",
|
|
59354
60863
|
"CVE-2022-40799",
|
|
@@ -59365,6 +60874,7 @@
|
|
|
59365
60874
|
"CVE-2023-41974",
|
|
59366
60875
|
"CVE-2023-43000",
|
|
59367
60876
|
"CVE-2023-43472",
|
|
60877
|
+
"CVE-2023-43654",
|
|
59368
60878
|
"CVE-2023-48022",
|
|
59369
60879
|
"CVE-2023-50224",
|
|
59370
60880
|
"CVE-2023-52163",
|
|
@@ -59378,7 +60888,9 @@
|
|
|
59378
60888
|
"CVE-2024-27443",
|
|
59379
60889
|
"CVE-2024-3094",
|
|
59380
60890
|
"CVE-2024-3154",
|
|
60891
|
+
"CVE-2024-37032",
|
|
59381
60892
|
"CVE-2024-37079",
|
|
60893
|
+
"CVE-2024-39722",
|
|
59382
60894
|
"CVE-2024-42009",
|
|
59383
60895
|
"CVE-2024-42478",
|
|
59384
60896
|
"CVE-2024-42479",
|
|
@@ -59908,10 +61420,14 @@
|
|
|
59908
61420
|
},
|
|
59909
61421
|
"related_cves": [
|
|
59910
61422
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
61423
|
+
"CVE-2022-1471",
|
|
61424
|
+
"CVE-2023-43654",
|
|
59911
61425
|
"CVE-2023-48022",
|
|
59912
61426
|
"CVE-2024-0132",
|
|
59913
61427
|
"CVE-2024-3094",
|
|
59914
61428
|
"CVE-2024-3154",
|
|
61429
|
+
"CVE-2024-37032",
|
|
61430
|
+
"CVE-2024-39722",
|
|
59915
61431
|
"CVE-2024-42478",
|
|
59916
61432
|
"CVE-2024-42479",
|
|
59917
61433
|
"CVE-2024-50050",
|
|
@@ -60848,11 +62364,15 @@
|
|
|
60848
62364
|
},
|
|
60849
62365
|
"related_cves": [
|
|
60850
62366
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
62367
|
+
"CVE-2022-1471",
|
|
60851
62368
|
"CVE-2023-43472",
|
|
62369
|
+
"CVE-2023-43654",
|
|
60852
62370
|
"CVE-2023-48022",
|
|
60853
62371
|
"CVE-2024-0132",
|
|
60854
62372
|
"CVE-2024-3094",
|
|
60855
62373
|
"CVE-2024-3154",
|
|
62374
|
+
"CVE-2024-37032",
|
|
62375
|
+
"CVE-2024-39722",
|
|
60856
62376
|
"CVE-2024-42478",
|
|
60857
62377
|
"CVE-2024-42479",
|
|
60858
62378
|
"CVE-2024-50050",
|
|
@@ -60954,8 +62474,12 @@
|
|
|
60954
62474
|
"rfc_refs": []
|
|
60955
62475
|
},
|
|
60956
62476
|
"related_cves": [
|
|
62477
|
+
"CVE-2022-1471",
|
|
62478
|
+
"CVE-2023-43654",
|
|
60957
62479
|
"CVE-2023-48022",
|
|
60958
62480
|
"CVE-2024-0132",
|
|
62481
|
+
"CVE-2024-37032",
|
|
62482
|
+
"CVE-2024-39722",
|
|
60959
62483
|
"CVE-2024-42478",
|
|
60960
62484
|
"CVE-2024-42479",
|
|
60961
62485
|
"CVE-2024-50050",
|
|
@@ -61128,9 +62652,13 @@
|
|
|
61128
62652
|
},
|
|
61129
62653
|
"related_cves": [
|
|
61130
62654
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
62655
|
+
"CVE-2022-1471",
|
|
61131
62656
|
"CVE-2023-43472",
|
|
62657
|
+
"CVE-2023-43654",
|
|
61132
62658
|
"CVE-2023-48022",
|
|
61133
62659
|
"CVE-2024-0132",
|
|
62660
|
+
"CVE-2024-37032",
|
|
62661
|
+
"CVE-2024-39722",
|
|
61134
62662
|
"CVE-2024-42478",
|
|
61135
62663
|
"CVE-2024-42479",
|
|
61136
62664
|
"CVE-2024-50050",
|
|
@@ -61539,6 +63067,7 @@
|
|
|
61539
63067
|
"CVE-2021-39935",
|
|
61540
63068
|
"CVE-2021-43226",
|
|
61541
63069
|
"CVE-2021-43798",
|
|
63070
|
+
"CVE-2022-1471",
|
|
61542
63071
|
"CVE-2022-20775",
|
|
61543
63072
|
"CVE-2022-37055",
|
|
61544
63073
|
"CVE-2022-40799",
|
|
@@ -61553,6 +63082,7 @@
|
|
|
61553
63082
|
"CVE-2023-39780",
|
|
61554
63083
|
"CVE-2023-41974",
|
|
61555
63084
|
"CVE-2023-43000",
|
|
63085
|
+
"CVE-2023-43654",
|
|
61556
63086
|
"CVE-2023-50224",
|
|
61557
63087
|
"CVE-2023-52163",
|
|
61558
63088
|
"CVE-2024-0769",
|
|
@@ -61563,7 +63093,9 @@
|
|
|
61563
63093
|
"CVE-2024-27199",
|
|
61564
63094
|
"CVE-2024-27443",
|
|
61565
63095
|
"CVE-2024-3094",
|
|
63096
|
+
"CVE-2024-37032",
|
|
61566
63097
|
"CVE-2024-37079",
|
|
63098
|
+
"CVE-2024-39722",
|
|
61567
63099
|
"CVE-2024-42009",
|
|
61568
63100
|
"CVE-2024-42478",
|
|
61569
63101
|
"CVE-2024-42479",
|
|
@@ -62000,11 +63532,15 @@
|
|
|
62000
63532
|
},
|
|
62001
63533
|
"related_cves": [
|
|
62002
63534
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
63535
|
+
"CVE-2022-1471",
|
|
62003
63536
|
"CVE-2023-43472",
|
|
63537
|
+
"CVE-2023-43654",
|
|
62004
63538
|
"CVE-2023-48022",
|
|
62005
63539
|
"CVE-2024-0132",
|
|
62006
63540
|
"CVE-2024-3094",
|
|
62007
63541
|
"CVE-2024-3154",
|
|
63542
|
+
"CVE-2024-37032",
|
|
63543
|
+
"CVE-2024-39722",
|
|
62008
63544
|
"CVE-2024-42478",
|
|
62009
63545
|
"CVE-2024-42479",
|
|
62010
63546
|
"CVE-2024-50050",
|
|
@@ -62298,10 +63834,14 @@
|
|
|
62298
63834
|
"related_cves": [
|
|
62299
63835
|
"BUG-2026-NIGHTMARE-ECLIPSE-UNDEFEND",
|
|
62300
63836
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
63837
|
+
"CVE-2022-1471",
|
|
62301
63838
|
"CVE-2023-43472",
|
|
63839
|
+
"CVE-2023-43654",
|
|
62302
63840
|
"CVE-2023-48022",
|
|
62303
63841
|
"CVE-2024-0132",
|
|
62304
63842
|
"CVE-2024-3094",
|
|
63843
|
+
"CVE-2024-37032",
|
|
63844
|
+
"CVE-2024-39722",
|
|
62305
63845
|
"CVE-2024-40635",
|
|
62306
63846
|
"CVE-2024-42478",
|
|
62307
63847
|
"CVE-2024-42479",
|