@blamejs/exceptd-skills 0.13.85 → 0.13.87
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1682 -0
- package/data/atlas-ttps.json +7 -0
- package/data/attack-techniques.json +10 -0
- package/data/cve-catalog.json +422 -0
- package/data/cwe-catalog.json +5 -0
- package/data/framework-control-gaps.json +32 -0
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -27341,6 +27341,1594 @@
|
|
|
27341
27341
|
]
|
|
27342
27342
|
}
|
|
27343
27343
|
},
|
|
27344
|
+
"CVE-2024-37032": {
|
|
27345
|
+
"name": "Ollama Model Registry Path Traversal Arbitrary File Write RCE (Probllama)",
|
|
27346
|
+
"rwep": 31,
|
|
27347
|
+
"cvss": 8.8,
|
|
27348
|
+
"cisa_kev": false,
|
|
27349
|
+
"epss_score": null,
|
|
27350
|
+
"referencing_skills": [
|
|
27351
|
+
"kernel-lpe-triage",
|
|
27352
|
+
"ai-attack-surface",
|
|
27353
|
+
"compliance-theater",
|
|
27354
|
+
"attack-surface-pentest",
|
|
27355
|
+
"ot-ics-security",
|
|
27356
|
+
"coordinated-vuln-disclosure",
|
|
27357
|
+
"sector-energy"
|
|
27358
|
+
],
|
|
27359
|
+
"chain": {
|
|
27360
|
+
"cwes": [
|
|
27361
|
+
{
|
|
27362
|
+
"id": "CWE-1037",
|
|
27363
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
27364
|
+
"category": "Hardware / Side Channel"
|
|
27365
|
+
},
|
|
27366
|
+
{
|
|
27367
|
+
"id": "CWE-1039",
|
|
27368
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
27369
|
+
"category": "AI/ML"
|
|
27370
|
+
},
|
|
27371
|
+
{
|
|
27372
|
+
"id": "CWE-125",
|
|
27373
|
+
"name": "Out-of-bounds Read",
|
|
27374
|
+
"category": "Memory Safety"
|
|
27375
|
+
},
|
|
27376
|
+
{
|
|
27377
|
+
"id": "CWE-1357",
|
|
27378
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
27379
|
+
"category": "Supply Chain"
|
|
27380
|
+
},
|
|
27381
|
+
{
|
|
27382
|
+
"id": "CWE-1395",
|
|
27383
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
27384
|
+
"category": "Supply Chain"
|
|
27385
|
+
},
|
|
27386
|
+
{
|
|
27387
|
+
"id": "CWE-1426",
|
|
27388
|
+
"name": "Improper Validation of Generative AI Output",
|
|
27389
|
+
"category": "AI/ML"
|
|
27390
|
+
},
|
|
27391
|
+
{
|
|
27392
|
+
"id": "CWE-22",
|
|
27393
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
27394
|
+
"category": "Path/Resource"
|
|
27395
|
+
},
|
|
27396
|
+
{
|
|
27397
|
+
"id": "CWE-269",
|
|
27398
|
+
"name": "Improper Privilege Management",
|
|
27399
|
+
"category": "Authorization"
|
|
27400
|
+
},
|
|
27401
|
+
{
|
|
27402
|
+
"id": "CWE-287",
|
|
27403
|
+
"name": "Improper Authentication",
|
|
27404
|
+
"category": "Authentication"
|
|
27405
|
+
},
|
|
27406
|
+
{
|
|
27407
|
+
"id": "CWE-306",
|
|
27408
|
+
"name": "Missing Authentication for Critical Function",
|
|
27409
|
+
"category": "Authentication"
|
|
27410
|
+
},
|
|
27411
|
+
{
|
|
27412
|
+
"id": "CWE-352",
|
|
27413
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
27414
|
+
"category": "Session"
|
|
27415
|
+
},
|
|
27416
|
+
{
|
|
27417
|
+
"id": "CWE-362",
|
|
27418
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
27419
|
+
"category": "Concurrency"
|
|
27420
|
+
},
|
|
27421
|
+
{
|
|
27422
|
+
"id": "CWE-416",
|
|
27423
|
+
"name": "Use After Free",
|
|
27424
|
+
"category": "Memory Safety"
|
|
27425
|
+
},
|
|
27426
|
+
{
|
|
27427
|
+
"id": "CWE-434",
|
|
27428
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
27429
|
+
"category": "File Handling"
|
|
27430
|
+
},
|
|
27431
|
+
{
|
|
27432
|
+
"id": "CWE-672",
|
|
27433
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
27434
|
+
"category": "Memory Safety"
|
|
27435
|
+
},
|
|
27436
|
+
{
|
|
27437
|
+
"id": "CWE-732",
|
|
27438
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
27439
|
+
"category": "Authorization"
|
|
27440
|
+
},
|
|
27441
|
+
{
|
|
27442
|
+
"id": "CWE-78",
|
|
27443
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
27444
|
+
"category": "Injection"
|
|
27445
|
+
},
|
|
27446
|
+
{
|
|
27447
|
+
"id": "CWE-787",
|
|
27448
|
+
"name": "Out-of-bounds Write",
|
|
27449
|
+
"category": "Memory Safety"
|
|
27450
|
+
},
|
|
27451
|
+
{
|
|
27452
|
+
"id": "CWE-79",
|
|
27453
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
27454
|
+
"category": "Injection"
|
|
27455
|
+
},
|
|
27456
|
+
{
|
|
27457
|
+
"id": "CWE-798",
|
|
27458
|
+
"name": "Use of Hard-coded Credentials",
|
|
27459
|
+
"category": "Credentials"
|
|
27460
|
+
},
|
|
27461
|
+
{
|
|
27462
|
+
"id": "CWE-89",
|
|
27463
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
27464
|
+
"category": "Injection"
|
|
27465
|
+
},
|
|
27466
|
+
{
|
|
27467
|
+
"id": "CWE-918",
|
|
27468
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
27469
|
+
"category": "Network"
|
|
27470
|
+
},
|
|
27471
|
+
{
|
|
27472
|
+
"id": "CWE-94",
|
|
27473
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
27474
|
+
"category": "Injection"
|
|
27475
|
+
}
|
|
27476
|
+
],
|
|
27477
|
+
"atlas": [
|
|
27478
|
+
{
|
|
27479
|
+
"id": "AML.T0010",
|
|
27480
|
+
"name": "ML Supply Chain Compromise",
|
|
27481
|
+
"tactic": "Initial Access"
|
|
27482
|
+
},
|
|
27483
|
+
{
|
|
27484
|
+
"id": "AML.T0016",
|
|
27485
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
27486
|
+
"tactic": "Resource Development"
|
|
27487
|
+
},
|
|
27488
|
+
{
|
|
27489
|
+
"id": "AML.T0017",
|
|
27490
|
+
"name": "Discover ML Model Ontology",
|
|
27491
|
+
"tactic": "Discovery"
|
|
27492
|
+
},
|
|
27493
|
+
{
|
|
27494
|
+
"id": "AML.T0018",
|
|
27495
|
+
"name": "Backdoor ML Model",
|
|
27496
|
+
"tactic": "Persistence"
|
|
27497
|
+
},
|
|
27498
|
+
{
|
|
27499
|
+
"id": "AML.T0020",
|
|
27500
|
+
"name": "Poison Training Data",
|
|
27501
|
+
"tactic": "ML Attack Staging"
|
|
27502
|
+
},
|
|
27503
|
+
{
|
|
27504
|
+
"id": "AML.T0043",
|
|
27505
|
+
"name": "Craft Adversarial Data",
|
|
27506
|
+
"tactic": "ML Attack Staging"
|
|
27507
|
+
},
|
|
27508
|
+
{
|
|
27509
|
+
"id": "AML.T0051",
|
|
27510
|
+
"name": "LLM Prompt Injection",
|
|
27511
|
+
"tactic": "Execution"
|
|
27512
|
+
},
|
|
27513
|
+
{
|
|
27514
|
+
"id": "AML.T0054",
|
|
27515
|
+
"name": "LLM Jailbreak",
|
|
27516
|
+
"tactic": "Defense Evasion"
|
|
27517
|
+
},
|
|
27518
|
+
{
|
|
27519
|
+
"id": "AML.T0096",
|
|
27520
|
+
"name": "AI API as Covert C2 Channel",
|
|
27521
|
+
"tactic": "Command and Control"
|
|
27522
|
+
}
|
|
27523
|
+
],
|
|
27524
|
+
"d3fend": [
|
|
27525
|
+
{
|
|
27526
|
+
"id": "D3-ASLR",
|
|
27527
|
+
"name": "Address Space Layout Randomization",
|
|
27528
|
+
"tactic": "Harden"
|
|
27529
|
+
},
|
|
27530
|
+
{
|
|
27531
|
+
"id": "D3-CSPP",
|
|
27532
|
+
"name": "Client-server Payload Profiling",
|
|
27533
|
+
"tactic": "Detect"
|
|
27534
|
+
},
|
|
27535
|
+
{
|
|
27536
|
+
"id": "D3-EAL",
|
|
27537
|
+
"name": "Executable Allowlisting",
|
|
27538
|
+
"tactic": "Harden"
|
|
27539
|
+
},
|
|
27540
|
+
{
|
|
27541
|
+
"id": "D3-IOPR",
|
|
27542
|
+
"name": "Input/Output Profiling Resource",
|
|
27543
|
+
"tactic": "Detect"
|
|
27544
|
+
},
|
|
27545
|
+
{
|
|
27546
|
+
"id": "D3-NTA",
|
|
27547
|
+
"name": "Network Traffic Analysis",
|
|
27548
|
+
"tactic": "Detect"
|
|
27549
|
+
},
|
|
27550
|
+
{
|
|
27551
|
+
"id": "D3-PHRA",
|
|
27552
|
+
"name": "Process Hardware Resource Access",
|
|
27553
|
+
"tactic": "Isolate"
|
|
27554
|
+
},
|
|
27555
|
+
{
|
|
27556
|
+
"id": "D3-PSEP",
|
|
27557
|
+
"name": "Process Segment Execution Prevention",
|
|
27558
|
+
"tactic": "Harden"
|
|
27559
|
+
}
|
|
27560
|
+
],
|
|
27561
|
+
"framework_gaps": [
|
|
27562
|
+
{
|
|
27563
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
27564
|
+
"framework": "ALL",
|
|
27565
|
+
"control_name": "AI Pipeline Integrity"
|
|
27566
|
+
},
|
|
27567
|
+
{
|
|
27568
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
27569
|
+
"framework": "ALL",
|
|
27570
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
27571
|
+
},
|
|
27572
|
+
{
|
|
27573
|
+
"id": "CIS-Controls-v8-Control7",
|
|
27574
|
+
"framework": "CIS Controls v8",
|
|
27575
|
+
"control_name": "Continuous Vulnerability Management"
|
|
27576
|
+
},
|
|
27577
|
+
{
|
|
27578
|
+
"id": "CMMC-2.0-Level-2",
|
|
27579
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
27580
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
27581
|
+
},
|
|
27582
|
+
{
|
|
27583
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
27584
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
27585
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
27586
|
+
},
|
|
27587
|
+
{
|
|
27588
|
+
"id": "IEC-62443-3-3",
|
|
27589
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
27590
|
+
"control_name": "System security requirements and security levels"
|
|
27591
|
+
},
|
|
27592
|
+
{
|
|
27593
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
27594
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27595
|
+
"control_name": "Secure coding"
|
|
27596
|
+
},
|
|
27597
|
+
{
|
|
27598
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
27599
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27600
|
+
"control_name": "Management of technical vulnerabilities"
|
|
27601
|
+
},
|
|
27602
|
+
{
|
|
27603
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
27604
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
27605
|
+
"control_name": "AI risk management process"
|
|
27606
|
+
},
|
|
27607
|
+
{
|
|
27608
|
+
"id": "NERC-CIP-007-6-R4",
|
|
27609
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
27610
|
+
"control_name": "Security event monitoring"
|
|
27611
|
+
},
|
|
27612
|
+
{
|
|
27613
|
+
"id": "NIS2-Art21-patch-management",
|
|
27614
|
+
"framework": "EU NIS2 Directive",
|
|
27615
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
27616
|
+
},
|
|
27617
|
+
{
|
|
27618
|
+
"id": "NIST-800-115",
|
|
27619
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
27620
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
27621
|
+
},
|
|
27622
|
+
{
|
|
27623
|
+
"id": "NIST-800-218-SSDF",
|
|
27624
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
27625
|
+
"control_name": "Secure Software Development Framework"
|
|
27626
|
+
},
|
|
27627
|
+
{
|
|
27628
|
+
"id": "NIST-800-53-AC-2",
|
|
27629
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27630
|
+
"control_name": "Account Management"
|
|
27631
|
+
},
|
|
27632
|
+
{
|
|
27633
|
+
"id": "NIST-800-53-SC-8",
|
|
27634
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27635
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
27636
|
+
},
|
|
27637
|
+
{
|
|
27638
|
+
"id": "NIST-800-53-SI-2",
|
|
27639
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27640
|
+
"control_name": "Flaw Remediation"
|
|
27641
|
+
},
|
|
27642
|
+
{
|
|
27643
|
+
"id": "NIST-800-53-SI-3",
|
|
27644
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27645
|
+
"control_name": "Malicious Code Protection"
|
|
27646
|
+
},
|
|
27647
|
+
{
|
|
27648
|
+
"id": "NIST-800-82r3",
|
|
27649
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
27650
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
27651
|
+
},
|
|
27652
|
+
{
|
|
27653
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
27654
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27655
|
+
"control_name": "Prompt Injection"
|
|
27656
|
+
},
|
|
27657
|
+
{
|
|
27658
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
27659
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
27660
|
+
"control_name": "Sensitive Information Disclosure"
|
|
27661
|
+
},
|
|
27662
|
+
{
|
|
27663
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
27664
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
27665
|
+
"control_name": "Web application penetration testing methodology"
|
|
27666
|
+
},
|
|
27667
|
+
{
|
|
27668
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
27669
|
+
"framework": "PCI DSS 4.0",
|
|
27670
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
27671
|
+
},
|
|
27672
|
+
{
|
|
27673
|
+
"id": "PTES-Pre-engagement",
|
|
27674
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
27675
|
+
"control_name": "Pre-engagement Interactions"
|
|
27676
|
+
},
|
|
27677
|
+
{
|
|
27678
|
+
"id": "SOC2-CC6-logical-access",
|
|
27679
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27680
|
+
"control_name": "Logical and Physical Access Controls"
|
|
27681
|
+
},
|
|
27682
|
+
{
|
|
27683
|
+
"id": "SOC2-CC9-vendor-management",
|
|
27684
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
27685
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
27686
|
+
}
|
|
27687
|
+
],
|
|
27688
|
+
"attack_refs": [
|
|
27689
|
+
"T0855",
|
|
27690
|
+
"T0883",
|
|
27691
|
+
"T1059",
|
|
27692
|
+
"T1068",
|
|
27693
|
+
"T1078",
|
|
27694
|
+
"T1133",
|
|
27695
|
+
"T1190",
|
|
27696
|
+
"T1548.001",
|
|
27697
|
+
"T1566"
|
|
27698
|
+
],
|
|
27699
|
+
"rfc_refs": [
|
|
27700
|
+
"RFC-4301",
|
|
27701
|
+
"RFC-4303",
|
|
27702
|
+
"RFC-7296"
|
|
27703
|
+
]
|
|
27704
|
+
}
|
|
27705
|
+
},
|
|
27706
|
+
"CVE-2024-39722": {
|
|
27707
|
+
"name": "Ollama api/push Path Traversal File-Existence Disclosure",
|
|
27708
|
+
"rwep": 27,
|
|
27709
|
+
"cvss": 7.5,
|
|
27710
|
+
"cisa_kev": false,
|
|
27711
|
+
"epss_score": null,
|
|
27712
|
+
"referencing_skills": [
|
|
27713
|
+
"kernel-lpe-triage",
|
|
27714
|
+
"ai-attack-surface",
|
|
27715
|
+
"compliance-theater",
|
|
27716
|
+
"attack-surface-pentest",
|
|
27717
|
+
"ot-ics-security",
|
|
27718
|
+
"coordinated-vuln-disclosure",
|
|
27719
|
+
"sector-energy"
|
|
27720
|
+
],
|
|
27721
|
+
"chain": {
|
|
27722
|
+
"cwes": [
|
|
27723
|
+
{
|
|
27724
|
+
"id": "CWE-1037",
|
|
27725
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
27726
|
+
"category": "Hardware / Side Channel"
|
|
27727
|
+
},
|
|
27728
|
+
{
|
|
27729
|
+
"id": "CWE-1039",
|
|
27730
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
27731
|
+
"category": "AI/ML"
|
|
27732
|
+
},
|
|
27733
|
+
{
|
|
27734
|
+
"id": "CWE-125",
|
|
27735
|
+
"name": "Out-of-bounds Read",
|
|
27736
|
+
"category": "Memory Safety"
|
|
27737
|
+
},
|
|
27738
|
+
{
|
|
27739
|
+
"id": "CWE-1357",
|
|
27740
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
27741
|
+
"category": "Supply Chain"
|
|
27742
|
+
},
|
|
27743
|
+
{
|
|
27744
|
+
"id": "CWE-1395",
|
|
27745
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
27746
|
+
"category": "Supply Chain"
|
|
27747
|
+
},
|
|
27748
|
+
{
|
|
27749
|
+
"id": "CWE-1426",
|
|
27750
|
+
"name": "Improper Validation of Generative AI Output",
|
|
27751
|
+
"category": "AI/ML"
|
|
27752
|
+
},
|
|
27753
|
+
{
|
|
27754
|
+
"id": "CWE-22",
|
|
27755
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
27756
|
+
"category": "Path/Resource"
|
|
27757
|
+
},
|
|
27758
|
+
{
|
|
27759
|
+
"id": "CWE-269",
|
|
27760
|
+
"name": "Improper Privilege Management",
|
|
27761
|
+
"category": "Authorization"
|
|
27762
|
+
},
|
|
27763
|
+
{
|
|
27764
|
+
"id": "CWE-287",
|
|
27765
|
+
"name": "Improper Authentication",
|
|
27766
|
+
"category": "Authentication"
|
|
27767
|
+
},
|
|
27768
|
+
{
|
|
27769
|
+
"id": "CWE-306",
|
|
27770
|
+
"name": "Missing Authentication for Critical Function",
|
|
27771
|
+
"category": "Authentication"
|
|
27772
|
+
},
|
|
27773
|
+
{
|
|
27774
|
+
"id": "CWE-352",
|
|
27775
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
27776
|
+
"category": "Session"
|
|
27777
|
+
},
|
|
27778
|
+
{
|
|
27779
|
+
"id": "CWE-362",
|
|
27780
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
27781
|
+
"category": "Concurrency"
|
|
27782
|
+
},
|
|
27783
|
+
{
|
|
27784
|
+
"id": "CWE-416",
|
|
27785
|
+
"name": "Use After Free",
|
|
27786
|
+
"category": "Memory Safety"
|
|
27787
|
+
},
|
|
27788
|
+
{
|
|
27789
|
+
"id": "CWE-434",
|
|
27790
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
27791
|
+
"category": "File Handling"
|
|
27792
|
+
},
|
|
27793
|
+
{
|
|
27794
|
+
"id": "CWE-672",
|
|
27795
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
27796
|
+
"category": "Memory Safety"
|
|
27797
|
+
},
|
|
27798
|
+
{
|
|
27799
|
+
"id": "CWE-732",
|
|
27800
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
27801
|
+
"category": "Authorization"
|
|
27802
|
+
},
|
|
27803
|
+
{
|
|
27804
|
+
"id": "CWE-78",
|
|
27805
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
27806
|
+
"category": "Injection"
|
|
27807
|
+
},
|
|
27808
|
+
{
|
|
27809
|
+
"id": "CWE-787",
|
|
27810
|
+
"name": "Out-of-bounds Write",
|
|
27811
|
+
"category": "Memory Safety"
|
|
27812
|
+
},
|
|
27813
|
+
{
|
|
27814
|
+
"id": "CWE-79",
|
|
27815
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
27816
|
+
"category": "Injection"
|
|
27817
|
+
},
|
|
27818
|
+
{
|
|
27819
|
+
"id": "CWE-798",
|
|
27820
|
+
"name": "Use of Hard-coded Credentials",
|
|
27821
|
+
"category": "Credentials"
|
|
27822
|
+
},
|
|
27823
|
+
{
|
|
27824
|
+
"id": "CWE-89",
|
|
27825
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
27826
|
+
"category": "Injection"
|
|
27827
|
+
},
|
|
27828
|
+
{
|
|
27829
|
+
"id": "CWE-918",
|
|
27830
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
27831
|
+
"category": "Network"
|
|
27832
|
+
},
|
|
27833
|
+
{
|
|
27834
|
+
"id": "CWE-94",
|
|
27835
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
27836
|
+
"category": "Injection"
|
|
27837
|
+
}
|
|
27838
|
+
],
|
|
27839
|
+
"atlas": [
|
|
27840
|
+
{
|
|
27841
|
+
"id": "AML.T0010",
|
|
27842
|
+
"name": "ML Supply Chain Compromise",
|
|
27843
|
+
"tactic": "Initial Access"
|
|
27844
|
+
},
|
|
27845
|
+
{
|
|
27846
|
+
"id": "AML.T0016",
|
|
27847
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
27848
|
+
"tactic": "Resource Development"
|
|
27849
|
+
},
|
|
27850
|
+
{
|
|
27851
|
+
"id": "AML.T0017",
|
|
27852
|
+
"name": "Discover ML Model Ontology",
|
|
27853
|
+
"tactic": "Discovery"
|
|
27854
|
+
},
|
|
27855
|
+
{
|
|
27856
|
+
"id": "AML.T0018",
|
|
27857
|
+
"name": "Backdoor ML Model",
|
|
27858
|
+
"tactic": "Persistence"
|
|
27859
|
+
},
|
|
27860
|
+
{
|
|
27861
|
+
"id": "AML.T0020",
|
|
27862
|
+
"name": "Poison Training Data",
|
|
27863
|
+
"tactic": "ML Attack Staging"
|
|
27864
|
+
},
|
|
27865
|
+
{
|
|
27866
|
+
"id": "AML.T0043",
|
|
27867
|
+
"name": "Craft Adversarial Data",
|
|
27868
|
+
"tactic": "ML Attack Staging"
|
|
27869
|
+
},
|
|
27870
|
+
{
|
|
27871
|
+
"id": "AML.T0051",
|
|
27872
|
+
"name": "LLM Prompt Injection",
|
|
27873
|
+
"tactic": "Execution"
|
|
27874
|
+
},
|
|
27875
|
+
{
|
|
27876
|
+
"id": "AML.T0054",
|
|
27877
|
+
"name": "LLM Jailbreak",
|
|
27878
|
+
"tactic": "Defense Evasion"
|
|
27879
|
+
},
|
|
27880
|
+
{
|
|
27881
|
+
"id": "AML.T0096",
|
|
27882
|
+
"name": "AI API as Covert C2 Channel",
|
|
27883
|
+
"tactic": "Command and Control"
|
|
27884
|
+
}
|
|
27885
|
+
],
|
|
27886
|
+
"d3fend": [
|
|
27887
|
+
{
|
|
27888
|
+
"id": "D3-ASLR",
|
|
27889
|
+
"name": "Address Space Layout Randomization",
|
|
27890
|
+
"tactic": "Harden"
|
|
27891
|
+
},
|
|
27892
|
+
{
|
|
27893
|
+
"id": "D3-CSPP",
|
|
27894
|
+
"name": "Client-server Payload Profiling",
|
|
27895
|
+
"tactic": "Detect"
|
|
27896
|
+
},
|
|
27897
|
+
{
|
|
27898
|
+
"id": "D3-EAL",
|
|
27899
|
+
"name": "Executable Allowlisting",
|
|
27900
|
+
"tactic": "Harden"
|
|
27901
|
+
},
|
|
27902
|
+
{
|
|
27903
|
+
"id": "D3-IOPR",
|
|
27904
|
+
"name": "Input/Output Profiling Resource",
|
|
27905
|
+
"tactic": "Detect"
|
|
27906
|
+
},
|
|
27907
|
+
{
|
|
27908
|
+
"id": "D3-NTA",
|
|
27909
|
+
"name": "Network Traffic Analysis",
|
|
27910
|
+
"tactic": "Detect"
|
|
27911
|
+
},
|
|
27912
|
+
{
|
|
27913
|
+
"id": "D3-PHRA",
|
|
27914
|
+
"name": "Process Hardware Resource Access",
|
|
27915
|
+
"tactic": "Isolate"
|
|
27916
|
+
},
|
|
27917
|
+
{
|
|
27918
|
+
"id": "D3-PSEP",
|
|
27919
|
+
"name": "Process Segment Execution Prevention",
|
|
27920
|
+
"tactic": "Harden"
|
|
27921
|
+
}
|
|
27922
|
+
],
|
|
27923
|
+
"framework_gaps": [
|
|
27924
|
+
{
|
|
27925
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
27926
|
+
"framework": "ALL",
|
|
27927
|
+
"control_name": "AI Pipeline Integrity"
|
|
27928
|
+
},
|
|
27929
|
+
{
|
|
27930
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
27931
|
+
"framework": "ALL",
|
|
27932
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
27933
|
+
},
|
|
27934
|
+
{
|
|
27935
|
+
"id": "CIS-Controls-v8-Control7",
|
|
27936
|
+
"framework": "CIS Controls v8",
|
|
27937
|
+
"control_name": "Continuous Vulnerability Management"
|
|
27938
|
+
},
|
|
27939
|
+
{
|
|
27940
|
+
"id": "CMMC-2.0-Level-2",
|
|
27941
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
27942
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
27943
|
+
},
|
|
27944
|
+
{
|
|
27945
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
27946
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
27947
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
27948
|
+
},
|
|
27949
|
+
{
|
|
27950
|
+
"id": "IEC-62443-3-3",
|
|
27951
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
27952
|
+
"control_name": "System security requirements and security levels"
|
|
27953
|
+
},
|
|
27954
|
+
{
|
|
27955
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
27956
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27957
|
+
"control_name": "Secure coding"
|
|
27958
|
+
},
|
|
27959
|
+
{
|
|
27960
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
27961
|
+
"framework": "ISO/IEC 27001:2022",
|
|
27962
|
+
"control_name": "Management of technical vulnerabilities"
|
|
27963
|
+
},
|
|
27964
|
+
{
|
|
27965
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
27966
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
27967
|
+
"control_name": "AI risk management process"
|
|
27968
|
+
},
|
|
27969
|
+
{
|
|
27970
|
+
"id": "NERC-CIP-007-6-R4",
|
|
27971
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
27972
|
+
"control_name": "Security event monitoring"
|
|
27973
|
+
},
|
|
27974
|
+
{
|
|
27975
|
+
"id": "NIS2-Art21-patch-management",
|
|
27976
|
+
"framework": "EU NIS2 Directive",
|
|
27977
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
27978
|
+
},
|
|
27979
|
+
{
|
|
27980
|
+
"id": "NIST-800-115",
|
|
27981
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
27982
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
27983
|
+
},
|
|
27984
|
+
{
|
|
27985
|
+
"id": "NIST-800-218-SSDF",
|
|
27986
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
27987
|
+
"control_name": "Secure Software Development Framework"
|
|
27988
|
+
},
|
|
27989
|
+
{
|
|
27990
|
+
"id": "NIST-800-53-AC-2",
|
|
27991
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27992
|
+
"control_name": "Account Management"
|
|
27993
|
+
},
|
|
27994
|
+
{
|
|
27995
|
+
"id": "NIST-800-53-SC-8",
|
|
27996
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
27997
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
27998
|
+
},
|
|
27999
|
+
{
|
|
28000
|
+
"id": "NIST-800-53-SI-2",
|
|
28001
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28002
|
+
"control_name": "Flaw Remediation"
|
|
28003
|
+
},
|
|
28004
|
+
{
|
|
28005
|
+
"id": "NIST-800-53-SI-3",
|
|
28006
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28007
|
+
"control_name": "Malicious Code Protection"
|
|
28008
|
+
},
|
|
28009
|
+
{
|
|
28010
|
+
"id": "NIST-800-82r3",
|
|
28011
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
28012
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
28013
|
+
},
|
|
28014
|
+
{
|
|
28015
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
28016
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28017
|
+
"control_name": "Prompt Injection"
|
|
28018
|
+
},
|
|
28019
|
+
{
|
|
28020
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
28021
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28022
|
+
"control_name": "Sensitive Information Disclosure"
|
|
28023
|
+
},
|
|
28024
|
+
{
|
|
28025
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
28026
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
28027
|
+
"control_name": "Web application penetration testing methodology"
|
|
28028
|
+
},
|
|
28029
|
+
{
|
|
28030
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
28031
|
+
"framework": "PCI DSS 4.0",
|
|
28032
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
28033
|
+
},
|
|
28034
|
+
{
|
|
28035
|
+
"id": "PTES-Pre-engagement",
|
|
28036
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
28037
|
+
"control_name": "Pre-engagement Interactions"
|
|
28038
|
+
},
|
|
28039
|
+
{
|
|
28040
|
+
"id": "SOC2-CC6-logical-access",
|
|
28041
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28042
|
+
"control_name": "Logical and Physical Access Controls"
|
|
28043
|
+
},
|
|
28044
|
+
{
|
|
28045
|
+
"id": "SOC2-CC9-vendor-management",
|
|
28046
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28047
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
28048
|
+
}
|
|
28049
|
+
],
|
|
28050
|
+
"attack_refs": [
|
|
28051
|
+
"T0855",
|
|
28052
|
+
"T0883",
|
|
28053
|
+
"T1059",
|
|
28054
|
+
"T1068",
|
|
28055
|
+
"T1078",
|
|
28056
|
+
"T1133",
|
|
28057
|
+
"T1190",
|
|
28058
|
+
"T1548.001",
|
|
28059
|
+
"T1566"
|
|
28060
|
+
],
|
|
28061
|
+
"rfc_refs": [
|
|
28062
|
+
"RFC-4301",
|
|
28063
|
+
"RFC-4303",
|
|
28064
|
+
"RFC-7296"
|
|
28065
|
+
]
|
|
28066
|
+
}
|
|
28067
|
+
},
|
|
28068
|
+
"CVE-2024-1561": {
|
|
28069
|
+
"name": "Gradio /component_server Local File Read (Hugging Face Spaces Secret Theft)",
|
|
28070
|
+
"rwep": 31,
|
|
28071
|
+
"cvss": 7.5,
|
|
28072
|
+
"cisa_kev": false,
|
|
28073
|
+
"epss_score": null,
|
|
28074
|
+
"referencing_skills": [
|
|
28075
|
+
"kernel-lpe-triage",
|
|
28076
|
+
"ai-attack-surface",
|
|
28077
|
+
"compliance-theater",
|
|
28078
|
+
"ai-c2-detection",
|
|
28079
|
+
"attack-surface-pentest",
|
|
28080
|
+
"dlp-gap-analysis",
|
|
28081
|
+
"ot-ics-security",
|
|
28082
|
+
"coordinated-vuln-disclosure",
|
|
28083
|
+
"sector-energy"
|
|
28084
|
+
],
|
|
28085
|
+
"chain": {
|
|
28086
|
+
"cwes": [
|
|
28087
|
+
{
|
|
28088
|
+
"id": "CWE-1037",
|
|
28089
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
28090
|
+
"category": "Hardware / Side Channel"
|
|
28091
|
+
},
|
|
28092
|
+
{
|
|
28093
|
+
"id": "CWE-1039",
|
|
28094
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
28095
|
+
"category": "AI/ML"
|
|
28096
|
+
},
|
|
28097
|
+
{
|
|
28098
|
+
"id": "CWE-125",
|
|
28099
|
+
"name": "Out-of-bounds Read",
|
|
28100
|
+
"category": "Memory Safety"
|
|
28101
|
+
},
|
|
28102
|
+
{
|
|
28103
|
+
"id": "CWE-1357",
|
|
28104
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
28105
|
+
"category": "Supply Chain"
|
|
28106
|
+
},
|
|
28107
|
+
{
|
|
28108
|
+
"id": "CWE-1395",
|
|
28109
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
28110
|
+
"category": "Supply Chain"
|
|
28111
|
+
},
|
|
28112
|
+
{
|
|
28113
|
+
"id": "CWE-1426",
|
|
28114
|
+
"name": "Improper Validation of Generative AI Output",
|
|
28115
|
+
"category": "AI/ML"
|
|
28116
|
+
},
|
|
28117
|
+
{
|
|
28118
|
+
"id": "CWE-200",
|
|
28119
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
28120
|
+
"category": "Information Exposure"
|
|
28121
|
+
},
|
|
28122
|
+
{
|
|
28123
|
+
"id": "CWE-22",
|
|
28124
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
28125
|
+
"category": "Path/Resource"
|
|
28126
|
+
},
|
|
28127
|
+
{
|
|
28128
|
+
"id": "CWE-269",
|
|
28129
|
+
"name": "Improper Privilege Management",
|
|
28130
|
+
"category": "Authorization"
|
|
28131
|
+
},
|
|
28132
|
+
{
|
|
28133
|
+
"id": "CWE-287",
|
|
28134
|
+
"name": "Improper Authentication",
|
|
28135
|
+
"category": "Authentication"
|
|
28136
|
+
},
|
|
28137
|
+
{
|
|
28138
|
+
"id": "CWE-306",
|
|
28139
|
+
"name": "Missing Authentication for Critical Function",
|
|
28140
|
+
"category": "Authentication"
|
|
28141
|
+
},
|
|
28142
|
+
{
|
|
28143
|
+
"id": "CWE-352",
|
|
28144
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
28145
|
+
"category": "Session"
|
|
28146
|
+
},
|
|
28147
|
+
{
|
|
28148
|
+
"id": "CWE-362",
|
|
28149
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
28150
|
+
"category": "Concurrency"
|
|
28151
|
+
},
|
|
28152
|
+
{
|
|
28153
|
+
"id": "CWE-416",
|
|
28154
|
+
"name": "Use After Free",
|
|
28155
|
+
"category": "Memory Safety"
|
|
28156
|
+
},
|
|
28157
|
+
{
|
|
28158
|
+
"id": "CWE-434",
|
|
28159
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
28160
|
+
"category": "File Handling"
|
|
28161
|
+
},
|
|
28162
|
+
{
|
|
28163
|
+
"id": "CWE-672",
|
|
28164
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
28165
|
+
"category": "Memory Safety"
|
|
28166
|
+
},
|
|
28167
|
+
{
|
|
28168
|
+
"id": "CWE-732",
|
|
28169
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
28170
|
+
"category": "Authorization"
|
|
28171
|
+
},
|
|
28172
|
+
{
|
|
28173
|
+
"id": "CWE-78",
|
|
28174
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
28175
|
+
"category": "Injection"
|
|
28176
|
+
},
|
|
28177
|
+
{
|
|
28178
|
+
"id": "CWE-787",
|
|
28179
|
+
"name": "Out-of-bounds Write",
|
|
28180
|
+
"category": "Memory Safety"
|
|
28181
|
+
},
|
|
28182
|
+
{
|
|
28183
|
+
"id": "CWE-79",
|
|
28184
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
28185
|
+
"category": "Injection"
|
|
28186
|
+
},
|
|
28187
|
+
{
|
|
28188
|
+
"id": "CWE-798",
|
|
28189
|
+
"name": "Use of Hard-coded Credentials",
|
|
28190
|
+
"category": "Credentials"
|
|
28191
|
+
},
|
|
28192
|
+
{
|
|
28193
|
+
"id": "CWE-89",
|
|
28194
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
28195
|
+
"category": "Injection"
|
|
28196
|
+
},
|
|
28197
|
+
{
|
|
28198
|
+
"id": "CWE-918",
|
|
28199
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
28200
|
+
"category": "Network"
|
|
28201
|
+
},
|
|
28202
|
+
{
|
|
28203
|
+
"id": "CWE-94",
|
|
28204
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
28205
|
+
"category": "Injection"
|
|
28206
|
+
}
|
|
28207
|
+
],
|
|
28208
|
+
"atlas": [
|
|
28209
|
+
{
|
|
28210
|
+
"id": "AML.T0010",
|
|
28211
|
+
"name": "ML Supply Chain Compromise",
|
|
28212
|
+
"tactic": "Initial Access"
|
|
28213
|
+
},
|
|
28214
|
+
{
|
|
28215
|
+
"id": "AML.T0016",
|
|
28216
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
28217
|
+
"tactic": "Resource Development"
|
|
28218
|
+
},
|
|
28219
|
+
{
|
|
28220
|
+
"id": "AML.T0017",
|
|
28221
|
+
"name": "Discover ML Model Ontology",
|
|
28222
|
+
"tactic": "Discovery"
|
|
28223
|
+
},
|
|
28224
|
+
{
|
|
28225
|
+
"id": "AML.T0018",
|
|
28226
|
+
"name": "Backdoor ML Model",
|
|
28227
|
+
"tactic": "Persistence"
|
|
28228
|
+
},
|
|
28229
|
+
{
|
|
28230
|
+
"id": "AML.T0020",
|
|
28231
|
+
"name": "Poison Training Data",
|
|
28232
|
+
"tactic": "ML Attack Staging"
|
|
28233
|
+
},
|
|
28234
|
+
{
|
|
28235
|
+
"id": "AML.T0043",
|
|
28236
|
+
"name": "Craft Adversarial Data",
|
|
28237
|
+
"tactic": "ML Attack Staging"
|
|
28238
|
+
},
|
|
28239
|
+
{
|
|
28240
|
+
"id": "AML.T0051",
|
|
28241
|
+
"name": "LLM Prompt Injection",
|
|
28242
|
+
"tactic": "Execution"
|
|
28243
|
+
},
|
|
28244
|
+
{
|
|
28245
|
+
"id": "AML.T0054",
|
|
28246
|
+
"name": "LLM Jailbreak",
|
|
28247
|
+
"tactic": "Defense Evasion"
|
|
28248
|
+
},
|
|
28249
|
+
{
|
|
28250
|
+
"id": "AML.T0096",
|
|
28251
|
+
"name": "AI API as Covert C2 Channel",
|
|
28252
|
+
"tactic": "Command and Control"
|
|
28253
|
+
}
|
|
28254
|
+
],
|
|
28255
|
+
"d3fend": [
|
|
28256
|
+
{
|
|
28257
|
+
"id": "D3-ASLR",
|
|
28258
|
+
"name": "Address Space Layout Randomization",
|
|
28259
|
+
"tactic": "Harden"
|
|
28260
|
+
},
|
|
28261
|
+
{
|
|
28262
|
+
"id": "D3-CA",
|
|
28263
|
+
"name": "Certificate Analysis",
|
|
28264
|
+
"tactic": "Detect"
|
|
28265
|
+
},
|
|
28266
|
+
{
|
|
28267
|
+
"id": "D3-CSPP",
|
|
28268
|
+
"name": "Client-server Payload Profiling",
|
|
28269
|
+
"tactic": "Detect"
|
|
28270
|
+
},
|
|
28271
|
+
{
|
|
28272
|
+
"id": "D3-DA",
|
|
28273
|
+
"name": "Domain Analysis",
|
|
28274
|
+
"tactic": "Detect"
|
|
28275
|
+
},
|
|
28276
|
+
{
|
|
28277
|
+
"id": "D3-EAL",
|
|
28278
|
+
"name": "Executable Allowlisting",
|
|
28279
|
+
"tactic": "Harden"
|
|
28280
|
+
},
|
|
28281
|
+
{
|
|
28282
|
+
"id": "D3-IOPR",
|
|
28283
|
+
"name": "Input/Output Profiling Resource",
|
|
28284
|
+
"tactic": "Detect"
|
|
28285
|
+
},
|
|
28286
|
+
{
|
|
28287
|
+
"id": "D3-NI",
|
|
28288
|
+
"name": "Network Isolation",
|
|
28289
|
+
"tactic": "Isolate"
|
|
28290
|
+
},
|
|
28291
|
+
{
|
|
28292
|
+
"id": "D3-NTA",
|
|
28293
|
+
"name": "Network Traffic Analysis",
|
|
28294
|
+
"tactic": "Detect"
|
|
28295
|
+
},
|
|
28296
|
+
{
|
|
28297
|
+
"id": "D3-NTPM",
|
|
28298
|
+
"name": "Network Traffic Policy Mapping",
|
|
28299
|
+
"tactic": "Model"
|
|
28300
|
+
},
|
|
28301
|
+
{
|
|
28302
|
+
"id": "D3-PHRA",
|
|
28303
|
+
"name": "Process Hardware Resource Access",
|
|
28304
|
+
"tactic": "Isolate"
|
|
28305
|
+
},
|
|
28306
|
+
{
|
|
28307
|
+
"id": "D3-PSEP",
|
|
28308
|
+
"name": "Process Segment Execution Prevention",
|
|
28309
|
+
"tactic": "Harden"
|
|
28310
|
+
}
|
|
28311
|
+
],
|
|
28312
|
+
"framework_gaps": [
|
|
28313
|
+
{
|
|
28314
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
28315
|
+
"framework": "ALL",
|
|
28316
|
+
"control_name": "AI Pipeline Integrity"
|
|
28317
|
+
},
|
|
28318
|
+
{
|
|
28319
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
28320
|
+
"framework": "ALL",
|
|
28321
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
28322
|
+
},
|
|
28323
|
+
{
|
|
28324
|
+
"id": "CIS-Controls-v8-Control7",
|
|
28325
|
+
"framework": "CIS Controls v8",
|
|
28326
|
+
"control_name": "Continuous Vulnerability Management"
|
|
28327
|
+
},
|
|
28328
|
+
{
|
|
28329
|
+
"id": "CMMC-2.0-Level-2",
|
|
28330
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
28331
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
28332
|
+
},
|
|
28333
|
+
{
|
|
28334
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
28335
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
28336
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
28337
|
+
},
|
|
28338
|
+
{
|
|
28339
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
28340
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
28341
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
28342
|
+
},
|
|
28343
|
+
{
|
|
28344
|
+
"id": "IEC-62443-3-3",
|
|
28345
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
28346
|
+
"control_name": "System security requirements and security levels"
|
|
28347
|
+
},
|
|
28348
|
+
{
|
|
28349
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
28350
|
+
"framework": "ISO/IEC 27001:2022",
|
|
28351
|
+
"control_name": "Monitoring activities"
|
|
28352
|
+
},
|
|
28353
|
+
{
|
|
28354
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
28355
|
+
"framework": "ISO/IEC 27001:2022",
|
|
28356
|
+
"control_name": "Secure coding"
|
|
28357
|
+
},
|
|
28358
|
+
{
|
|
28359
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
28360
|
+
"framework": "ISO/IEC 27001:2022",
|
|
28361
|
+
"control_name": "Management of technical vulnerabilities"
|
|
28362
|
+
},
|
|
28363
|
+
{
|
|
28364
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
28365
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
28366
|
+
"control_name": "AI risk management process"
|
|
28367
|
+
},
|
|
28368
|
+
{
|
|
28369
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
28370
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
28371
|
+
"control_name": "AI risk assessment"
|
|
28372
|
+
},
|
|
28373
|
+
{
|
|
28374
|
+
"id": "NERC-CIP-007-6-R4",
|
|
28375
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
28376
|
+
"control_name": "Security event monitoring"
|
|
28377
|
+
},
|
|
28378
|
+
{
|
|
28379
|
+
"id": "NIS2-Art21-patch-management",
|
|
28380
|
+
"framework": "EU NIS2 Directive",
|
|
28381
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
28382
|
+
},
|
|
28383
|
+
{
|
|
28384
|
+
"id": "NIST-800-115",
|
|
28385
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
28386
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
28387
|
+
},
|
|
28388
|
+
{
|
|
28389
|
+
"id": "NIST-800-218-SSDF",
|
|
28390
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
28391
|
+
"control_name": "Secure Software Development Framework"
|
|
28392
|
+
},
|
|
28393
|
+
{
|
|
28394
|
+
"id": "NIST-800-53-AC-2",
|
|
28395
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28396
|
+
"control_name": "Account Management"
|
|
28397
|
+
},
|
|
28398
|
+
{
|
|
28399
|
+
"id": "NIST-800-53-SC-28",
|
|
28400
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28401
|
+
"control_name": "Protection of Information at Rest"
|
|
28402
|
+
},
|
|
28403
|
+
{
|
|
28404
|
+
"id": "NIST-800-53-SC-7",
|
|
28405
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28406
|
+
"control_name": "Boundary Protection"
|
|
28407
|
+
},
|
|
28408
|
+
{
|
|
28409
|
+
"id": "NIST-800-53-SC-8",
|
|
28410
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28411
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
28412
|
+
},
|
|
28413
|
+
{
|
|
28414
|
+
"id": "NIST-800-53-SI-2",
|
|
28415
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28416
|
+
"control_name": "Flaw Remediation"
|
|
28417
|
+
},
|
|
28418
|
+
{
|
|
28419
|
+
"id": "NIST-800-53-SI-3",
|
|
28420
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28421
|
+
"control_name": "Malicious Code Protection"
|
|
28422
|
+
},
|
|
28423
|
+
{
|
|
28424
|
+
"id": "NIST-800-82r3",
|
|
28425
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
28426
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
28427
|
+
},
|
|
28428
|
+
{
|
|
28429
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
28430
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28431
|
+
"control_name": "Prompt Injection"
|
|
28432
|
+
},
|
|
28433
|
+
{
|
|
28434
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
28435
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28436
|
+
"control_name": "Sensitive Information Disclosure"
|
|
28437
|
+
},
|
|
28438
|
+
{
|
|
28439
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
28440
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
28441
|
+
"control_name": "Web application penetration testing methodology"
|
|
28442
|
+
},
|
|
28443
|
+
{
|
|
28444
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
28445
|
+
"framework": "PCI DSS 4.0",
|
|
28446
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
28447
|
+
},
|
|
28448
|
+
{
|
|
28449
|
+
"id": "PTES-Pre-engagement",
|
|
28450
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
28451
|
+
"control_name": "Pre-engagement Interactions"
|
|
28452
|
+
},
|
|
28453
|
+
{
|
|
28454
|
+
"id": "SOC2-CC6-logical-access",
|
|
28455
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28456
|
+
"control_name": "Logical and Physical Access Controls"
|
|
28457
|
+
},
|
|
28458
|
+
{
|
|
28459
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
28460
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28461
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
28462
|
+
},
|
|
28463
|
+
{
|
|
28464
|
+
"id": "SOC2-CC9-vendor-management",
|
|
28465
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28466
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
28467
|
+
}
|
|
28468
|
+
],
|
|
28469
|
+
"attack_refs": [
|
|
28470
|
+
"T0855",
|
|
28471
|
+
"T0883",
|
|
28472
|
+
"T1041",
|
|
28473
|
+
"T1059",
|
|
28474
|
+
"T1068",
|
|
28475
|
+
"T1071",
|
|
28476
|
+
"T1078",
|
|
28477
|
+
"T1102",
|
|
28478
|
+
"T1133",
|
|
28479
|
+
"T1190",
|
|
28480
|
+
"T1213",
|
|
28481
|
+
"T1530",
|
|
28482
|
+
"T1548.001",
|
|
28483
|
+
"T1566",
|
|
28484
|
+
"T1567",
|
|
28485
|
+
"T1568"
|
|
28486
|
+
],
|
|
28487
|
+
"rfc_refs": [
|
|
28488
|
+
"RFC-4301",
|
|
28489
|
+
"RFC-4303",
|
|
28490
|
+
"RFC-7296",
|
|
28491
|
+
"RFC-8446",
|
|
28492
|
+
"RFC-9000",
|
|
28493
|
+
"RFC-9114",
|
|
28494
|
+
"RFC-9180",
|
|
28495
|
+
"RFC-9421",
|
|
28496
|
+
"RFC-9458"
|
|
28497
|
+
]
|
|
28498
|
+
}
|
|
28499
|
+
},
|
|
28500
|
+
"CVE-2023-51449": {
|
|
28501
|
+
"name": "Gradio /file Route Path Traversal and SSRF Arbitrary File Read",
|
|
28502
|
+
"rwep": 31,
|
|
28503
|
+
"cvss": 7.5,
|
|
28504
|
+
"cisa_kev": false,
|
|
28505
|
+
"epss_score": null,
|
|
28506
|
+
"referencing_skills": [
|
|
28507
|
+
"kernel-lpe-triage",
|
|
28508
|
+
"ai-attack-surface",
|
|
28509
|
+
"compliance-theater",
|
|
28510
|
+
"ai-c2-detection",
|
|
28511
|
+
"attack-surface-pentest",
|
|
28512
|
+
"dlp-gap-analysis",
|
|
28513
|
+
"ot-ics-security",
|
|
28514
|
+
"coordinated-vuln-disclosure",
|
|
28515
|
+
"sector-energy"
|
|
28516
|
+
],
|
|
28517
|
+
"chain": {
|
|
28518
|
+
"cwes": [
|
|
28519
|
+
{
|
|
28520
|
+
"id": "CWE-1037",
|
|
28521
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
28522
|
+
"category": "Hardware / Side Channel"
|
|
28523
|
+
},
|
|
28524
|
+
{
|
|
28525
|
+
"id": "CWE-1039",
|
|
28526
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
28527
|
+
"category": "AI/ML"
|
|
28528
|
+
},
|
|
28529
|
+
{
|
|
28530
|
+
"id": "CWE-125",
|
|
28531
|
+
"name": "Out-of-bounds Read",
|
|
28532
|
+
"category": "Memory Safety"
|
|
28533
|
+
},
|
|
28534
|
+
{
|
|
28535
|
+
"id": "CWE-1357",
|
|
28536
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
28537
|
+
"category": "Supply Chain"
|
|
28538
|
+
},
|
|
28539
|
+
{
|
|
28540
|
+
"id": "CWE-1395",
|
|
28541
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
28542
|
+
"category": "Supply Chain"
|
|
28543
|
+
},
|
|
28544
|
+
{
|
|
28545
|
+
"id": "CWE-1426",
|
|
28546
|
+
"name": "Improper Validation of Generative AI Output",
|
|
28547
|
+
"category": "AI/ML"
|
|
28548
|
+
},
|
|
28549
|
+
{
|
|
28550
|
+
"id": "CWE-200",
|
|
28551
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
28552
|
+
"category": "Information Exposure"
|
|
28553
|
+
},
|
|
28554
|
+
{
|
|
28555
|
+
"id": "CWE-22",
|
|
28556
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
28557
|
+
"category": "Path/Resource"
|
|
28558
|
+
},
|
|
28559
|
+
{
|
|
28560
|
+
"id": "CWE-269",
|
|
28561
|
+
"name": "Improper Privilege Management",
|
|
28562
|
+
"category": "Authorization"
|
|
28563
|
+
},
|
|
28564
|
+
{
|
|
28565
|
+
"id": "CWE-287",
|
|
28566
|
+
"name": "Improper Authentication",
|
|
28567
|
+
"category": "Authentication"
|
|
28568
|
+
},
|
|
28569
|
+
{
|
|
28570
|
+
"id": "CWE-306",
|
|
28571
|
+
"name": "Missing Authentication for Critical Function",
|
|
28572
|
+
"category": "Authentication"
|
|
28573
|
+
},
|
|
28574
|
+
{
|
|
28575
|
+
"id": "CWE-352",
|
|
28576
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
28577
|
+
"category": "Session"
|
|
28578
|
+
},
|
|
28579
|
+
{
|
|
28580
|
+
"id": "CWE-362",
|
|
28581
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
28582
|
+
"category": "Concurrency"
|
|
28583
|
+
},
|
|
28584
|
+
{
|
|
28585
|
+
"id": "CWE-416",
|
|
28586
|
+
"name": "Use After Free",
|
|
28587
|
+
"category": "Memory Safety"
|
|
28588
|
+
},
|
|
28589
|
+
{
|
|
28590
|
+
"id": "CWE-434",
|
|
28591
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
28592
|
+
"category": "File Handling"
|
|
28593
|
+
},
|
|
28594
|
+
{
|
|
28595
|
+
"id": "CWE-672",
|
|
28596
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
28597
|
+
"category": "Memory Safety"
|
|
28598
|
+
},
|
|
28599
|
+
{
|
|
28600
|
+
"id": "CWE-732",
|
|
28601
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
28602
|
+
"category": "Authorization"
|
|
28603
|
+
},
|
|
28604
|
+
{
|
|
28605
|
+
"id": "CWE-78",
|
|
28606
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
28607
|
+
"category": "Injection"
|
|
28608
|
+
},
|
|
28609
|
+
{
|
|
28610
|
+
"id": "CWE-787",
|
|
28611
|
+
"name": "Out-of-bounds Write",
|
|
28612
|
+
"category": "Memory Safety"
|
|
28613
|
+
},
|
|
28614
|
+
{
|
|
28615
|
+
"id": "CWE-79",
|
|
28616
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
28617
|
+
"category": "Injection"
|
|
28618
|
+
},
|
|
28619
|
+
{
|
|
28620
|
+
"id": "CWE-798",
|
|
28621
|
+
"name": "Use of Hard-coded Credentials",
|
|
28622
|
+
"category": "Credentials"
|
|
28623
|
+
},
|
|
28624
|
+
{
|
|
28625
|
+
"id": "CWE-89",
|
|
28626
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
28627
|
+
"category": "Injection"
|
|
28628
|
+
},
|
|
28629
|
+
{
|
|
28630
|
+
"id": "CWE-918",
|
|
28631
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
28632
|
+
"category": "Network"
|
|
28633
|
+
},
|
|
28634
|
+
{
|
|
28635
|
+
"id": "CWE-94",
|
|
28636
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
28637
|
+
"category": "Injection"
|
|
28638
|
+
}
|
|
28639
|
+
],
|
|
28640
|
+
"atlas": [
|
|
28641
|
+
{
|
|
28642
|
+
"id": "AML.T0010",
|
|
28643
|
+
"name": "ML Supply Chain Compromise",
|
|
28644
|
+
"tactic": "Initial Access"
|
|
28645
|
+
},
|
|
28646
|
+
{
|
|
28647
|
+
"id": "AML.T0016",
|
|
28648
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
28649
|
+
"tactic": "Resource Development"
|
|
28650
|
+
},
|
|
28651
|
+
{
|
|
28652
|
+
"id": "AML.T0017",
|
|
28653
|
+
"name": "Discover ML Model Ontology",
|
|
28654
|
+
"tactic": "Discovery"
|
|
28655
|
+
},
|
|
28656
|
+
{
|
|
28657
|
+
"id": "AML.T0018",
|
|
28658
|
+
"name": "Backdoor ML Model",
|
|
28659
|
+
"tactic": "Persistence"
|
|
28660
|
+
},
|
|
28661
|
+
{
|
|
28662
|
+
"id": "AML.T0020",
|
|
28663
|
+
"name": "Poison Training Data",
|
|
28664
|
+
"tactic": "ML Attack Staging"
|
|
28665
|
+
},
|
|
28666
|
+
{
|
|
28667
|
+
"id": "AML.T0043",
|
|
28668
|
+
"name": "Craft Adversarial Data",
|
|
28669
|
+
"tactic": "ML Attack Staging"
|
|
28670
|
+
},
|
|
28671
|
+
{
|
|
28672
|
+
"id": "AML.T0051",
|
|
28673
|
+
"name": "LLM Prompt Injection",
|
|
28674
|
+
"tactic": "Execution"
|
|
28675
|
+
},
|
|
28676
|
+
{
|
|
28677
|
+
"id": "AML.T0054",
|
|
28678
|
+
"name": "LLM Jailbreak",
|
|
28679
|
+
"tactic": "Defense Evasion"
|
|
28680
|
+
},
|
|
28681
|
+
{
|
|
28682
|
+
"id": "AML.T0096",
|
|
28683
|
+
"name": "AI API as Covert C2 Channel",
|
|
28684
|
+
"tactic": "Command and Control"
|
|
28685
|
+
}
|
|
28686
|
+
],
|
|
28687
|
+
"d3fend": [
|
|
28688
|
+
{
|
|
28689
|
+
"id": "D3-ASLR",
|
|
28690
|
+
"name": "Address Space Layout Randomization",
|
|
28691
|
+
"tactic": "Harden"
|
|
28692
|
+
},
|
|
28693
|
+
{
|
|
28694
|
+
"id": "D3-CA",
|
|
28695
|
+
"name": "Certificate Analysis",
|
|
28696
|
+
"tactic": "Detect"
|
|
28697
|
+
},
|
|
28698
|
+
{
|
|
28699
|
+
"id": "D3-CSPP",
|
|
28700
|
+
"name": "Client-server Payload Profiling",
|
|
28701
|
+
"tactic": "Detect"
|
|
28702
|
+
},
|
|
28703
|
+
{
|
|
28704
|
+
"id": "D3-DA",
|
|
28705
|
+
"name": "Domain Analysis",
|
|
28706
|
+
"tactic": "Detect"
|
|
28707
|
+
},
|
|
28708
|
+
{
|
|
28709
|
+
"id": "D3-EAL",
|
|
28710
|
+
"name": "Executable Allowlisting",
|
|
28711
|
+
"tactic": "Harden"
|
|
28712
|
+
},
|
|
28713
|
+
{
|
|
28714
|
+
"id": "D3-IOPR",
|
|
28715
|
+
"name": "Input/Output Profiling Resource",
|
|
28716
|
+
"tactic": "Detect"
|
|
28717
|
+
},
|
|
28718
|
+
{
|
|
28719
|
+
"id": "D3-NI",
|
|
28720
|
+
"name": "Network Isolation",
|
|
28721
|
+
"tactic": "Isolate"
|
|
28722
|
+
},
|
|
28723
|
+
{
|
|
28724
|
+
"id": "D3-NTA",
|
|
28725
|
+
"name": "Network Traffic Analysis",
|
|
28726
|
+
"tactic": "Detect"
|
|
28727
|
+
},
|
|
28728
|
+
{
|
|
28729
|
+
"id": "D3-NTPM",
|
|
28730
|
+
"name": "Network Traffic Policy Mapping",
|
|
28731
|
+
"tactic": "Model"
|
|
28732
|
+
},
|
|
28733
|
+
{
|
|
28734
|
+
"id": "D3-PHRA",
|
|
28735
|
+
"name": "Process Hardware Resource Access",
|
|
28736
|
+
"tactic": "Isolate"
|
|
28737
|
+
},
|
|
28738
|
+
{
|
|
28739
|
+
"id": "D3-PSEP",
|
|
28740
|
+
"name": "Process Segment Execution Prevention",
|
|
28741
|
+
"tactic": "Harden"
|
|
28742
|
+
}
|
|
28743
|
+
],
|
|
28744
|
+
"framework_gaps": [
|
|
28745
|
+
{
|
|
28746
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
28747
|
+
"framework": "ALL",
|
|
28748
|
+
"control_name": "AI Pipeline Integrity"
|
|
28749
|
+
},
|
|
28750
|
+
{
|
|
28751
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
28752
|
+
"framework": "ALL",
|
|
28753
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
28754
|
+
},
|
|
28755
|
+
{
|
|
28756
|
+
"id": "CIS-Controls-v8-Control7",
|
|
28757
|
+
"framework": "CIS Controls v8",
|
|
28758
|
+
"control_name": "Continuous Vulnerability Management"
|
|
28759
|
+
},
|
|
28760
|
+
{
|
|
28761
|
+
"id": "CMMC-2.0-Level-2",
|
|
28762
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
28763
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
28764
|
+
},
|
|
28765
|
+
{
|
|
28766
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
28767
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
28768
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
28769
|
+
},
|
|
28770
|
+
{
|
|
28771
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
28772
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
28773
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
28774
|
+
},
|
|
28775
|
+
{
|
|
28776
|
+
"id": "IEC-62443-3-3",
|
|
28777
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
28778
|
+
"control_name": "System security requirements and security levels"
|
|
28779
|
+
},
|
|
28780
|
+
{
|
|
28781
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
28782
|
+
"framework": "ISO/IEC 27001:2022",
|
|
28783
|
+
"control_name": "Monitoring activities"
|
|
28784
|
+
},
|
|
28785
|
+
{
|
|
28786
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
28787
|
+
"framework": "ISO/IEC 27001:2022",
|
|
28788
|
+
"control_name": "Secure coding"
|
|
28789
|
+
},
|
|
28790
|
+
{
|
|
28791
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
28792
|
+
"framework": "ISO/IEC 27001:2022",
|
|
28793
|
+
"control_name": "Management of technical vulnerabilities"
|
|
28794
|
+
},
|
|
28795
|
+
{
|
|
28796
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
28797
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
28798
|
+
"control_name": "AI risk management process"
|
|
28799
|
+
},
|
|
28800
|
+
{
|
|
28801
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
28802
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
28803
|
+
"control_name": "AI risk assessment"
|
|
28804
|
+
},
|
|
28805
|
+
{
|
|
28806
|
+
"id": "NERC-CIP-007-6-R4",
|
|
28807
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
28808
|
+
"control_name": "Security event monitoring"
|
|
28809
|
+
},
|
|
28810
|
+
{
|
|
28811
|
+
"id": "NIS2-Art21-patch-management",
|
|
28812
|
+
"framework": "EU NIS2 Directive",
|
|
28813
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
28814
|
+
},
|
|
28815
|
+
{
|
|
28816
|
+
"id": "NIST-800-115",
|
|
28817
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
28818
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
28819
|
+
},
|
|
28820
|
+
{
|
|
28821
|
+
"id": "NIST-800-218-SSDF",
|
|
28822
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
28823
|
+
"control_name": "Secure Software Development Framework"
|
|
28824
|
+
},
|
|
28825
|
+
{
|
|
28826
|
+
"id": "NIST-800-53-AC-2",
|
|
28827
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28828
|
+
"control_name": "Account Management"
|
|
28829
|
+
},
|
|
28830
|
+
{
|
|
28831
|
+
"id": "NIST-800-53-SC-28",
|
|
28832
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28833
|
+
"control_name": "Protection of Information at Rest"
|
|
28834
|
+
},
|
|
28835
|
+
{
|
|
28836
|
+
"id": "NIST-800-53-SC-7",
|
|
28837
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28838
|
+
"control_name": "Boundary Protection"
|
|
28839
|
+
},
|
|
28840
|
+
{
|
|
28841
|
+
"id": "NIST-800-53-SC-8",
|
|
28842
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28843
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
28844
|
+
},
|
|
28845
|
+
{
|
|
28846
|
+
"id": "NIST-800-53-SI-2",
|
|
28847
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28848
|
+
"control_name": "Flaw Remediation"
|
|
28849
|
+
},
|
|
28850
|
+
{
|
|
28851
|
+
"id": "NIST-800-53-SI-3",
|
|
28852
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
28853
|
+
"control_name": "Malicious Code Protection"
|
|
28854
|
+
},
|
|
28855
|
+
{
|
|
28856
|
+
"id": "NIST-800-82r3",
|
|
28857
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
28858
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
28859
|
+
},
|
|
28860
|
+
{
|
|
28861
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
28862
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28863
|
+
"control_name": "Prompt Injection"
|
|
28864
|
+
},
|
|
28865
|
+
{
|
|
28866
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
28867
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
28868
|
+
"control_name": "Sensitive Information Disclosure"
|
|
28869
|
+
},
|
|
28870
|
+
{
|
|
28871
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
28872
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
28873
|
+
"control_name": "Web application penetration testing methodology"
|
|
28874
|
+
},
|
|
28875
|
+
{
|
|
28876
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
28877
|
+
"framework": "PCI DSS 4.0",
|
|
28878
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
28879
|
+
},
|
|
28880
|
+
{
|
|
28881
|
+
"id": "PTES-Pre-engagement",
|
|
28882
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
28883
|
+
"control_name": "Pre-engagement Interactions"
|
|
28884
|
+
},
|
|
28885
|
+
{
|
|
28886
|
+
"id": "SOC2-CC6-logical-access",
|
|
28887
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28888
|
+
"control_name": "Logical and Physical Access Controls"
|
|
28889
|
+
},
|
|
28890
|
+
{
|
|
28891
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
28892
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28893
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
28894
|
+
},
|
|
28895
|
+
{
|
|
28896
|
+
"id": "SOC2-CC9-vendor-management",
|
|
28897
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
28898
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
28899
|
+
}
|
|
28900
|
+
],
|
|
28901
|
+
"attack_refs": [
|
|
28902
|
+
"T0855",
|
|
28903
|
+
"T0883",
|
|
28904
|
+
"T1041",
|
|
28905
|
+
"T1059",
|
|
28906
|
+
"T1068",
|
|
28907
|
+
"T1071",
|
|
28908
|
+
"T1078",
|
|
28909
|
+
"T1102",
|
|
28910
|
+
"T1133",
|
|
28911
|
+
"T1190",
|
|
28912
|
+
"T1213",
|
|
28913
|
+
"T1530",
|
|
28914
|
+
"T1548.001",
|
|
28915
|
+
"T1566",
|
|
28916
|
+
"T1567",
|
|
28917
|
+
"T1568"
|
|
28918
|
+
],
|
|
28919
|
+
"rfc_refs": [
|
|
28920
|
+
"RFC-4301",
|
|
28921
|
+
"RFC-4303",
|
|
28922
|
+
"RFC-7296",
|
|
28923
|
+
"RFC-8446",
|
|
28924
|
+
"RFC-9000",
|
|
28925
|
+
"RFC-9114",
|
|
28926
|
+
"RFC-9180",
|
|
28927
|
+
"RFC-9421",
|
|
28928
|
+
"RFC-9458"
|
|
28929
|
+
]
|
|
28930
|
+
}
|
|
28931
|
+
},
|
|
27344
28932
|
"CVE-2026-41091": {
|
|
27345
28933
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
27346
28934
|
"rwep": 45,
|
|
@@ -53720,9 +55308,13 @@
|
|
|
53720
55308
|
"CVE-2023-43472",
|
|
53721
55309
|
"CVE-2023-43654",
|
|
53722
55310
|
"CVE-2023-48022",
|
|
55311
|
+
"CVE-2023-51449",
|
|
53723
55312
|
"CVE-2024-0132",
|
|
55313
|
+
"CVE-2024-1561",
|
|
53724
55314
|
"CVE-2024-3094",
|
|
53725
55315
|
"CVE-2024-3154",
|
|
55316
|
+
"CVE-2024-37032",
|
|
55317
|
+
"CVE-2024-39722",
|
|
53726
55318
|
"CVE-2024-42478",
|
|
53727
55319
|
"CVE-2024-42479",
|
|
53728
55320
|
"CVE-2024-50050",
|
|
@@ -54098,7 +55690,11 @@
|
|
|
54098
55690
|
"CVE-2023-43472",
|
|
54099
55691
|
"CVE-2023-43654",
|
|
54100
55692
|
"CVE-2023-48022",
|
|
55693
|
+
"CVE-2023-51449",
|
|
54101
55694
|
"CVE-2024-0132",
|
|
55695
|
+
"CVE-2024-1561",
|
|
55696
|
+
"CVE-2024-37032",
|
|
55697
|
+
"CVE-2024-39722",
|
|
54102
55698
|
"CVE-2024-42478",
|
|
54103
55699
|
"CVE-2024-42479",
|
|
54104
55700
|
"CVE-2024-50050",
|
|
@@ -54267,7 +55863,11 @@
|
|
|
54267
55863
|
"CVE-2023-43472",
|
|
54268
55864
|
"CVE-2023-43654",
|
|
54269
55865
|
"CVE-2023-48022",
|
|
55866
|
+
"CVE-2023-51449",
|
|
54270
55867
|
"CVE-2024-0132",
|
|
55868
|
+
"CVE-2024-1561",
|
|
55869
|
+
"CVE-2024-37032",
|
|
55870
|
+
"CVE-2024-39722",
|
|
54271
55871
|
"CVE-2024-42478",
|
|
54272
55872
|
"CVE-2024-42479",
|
|
54273
55873
|
"CVE-2024-50050",
|
|
@@ -54450,7 +56050,11 @@
|
|
|
54450
56050
|
"CVE-2023-43472",
|
|
54451
56051
|
"CVE-2023-43654",
|
|
54452
56052
|
"CVE-2023-48022",
|
|
56053
|
+
"CVE-2023-51449",
|
|
54453
56054
|
"CVE-2024-0132",
|
|
56055
|
+
"CVE-2024-1561",
|
|
56056
|
+
"CVE-2024-37032",
|
|
56057
|
+
"CVE-2024-39722",
|
|
54454
56058
|
"CVE-2024-42478",
|
|
54455
56059
|
"CVE-2024-42479",
|
|
54456
56060
|
"CVE-2024-50050",
|
|
@@ -54737,9 +56341,13 @@
|
|
|
54737
56341
|
"CVE-2023-43472",
|
|
54738
56342
|
"CVE-2023-43654",
|
|
54739
56343
|
"CVE-2023-48022",
|
|
56344
|
+
"CVE-2023-51449",
|
|
54740
56345
|
"CVE-2024-0132",
|
|
56346
|
+
"CVE-2024-1561",
|
|
54741
56347
|
"CVE-2024-3094",
|
|
54742
56348
|
"CVE-2024-3154",
|
|
56349
|
+
"CVE-2024-37032",
|
|
56350
|
+
"CVE-2024-39722",
|
|
54743
56351
|
"CVE-2024-42478",
|
|
54744
56352
|
"CVE-2024-42479",
|
|
54745
56353
|
"CVE-2024-50050",
|
|
@@ -54979,16 +56587,20 @@
|
|
|
54979
56587
|
"CVE-2023-43654",
|
|
54980
56588
|
"CVE-2023-48022",
|
|
54981
56589
|
"CVE-2023-50224",
|
|
56590
|
+
"CVE-2023-51449",
|
|
54982
56591
|
"CVE-2023-52163",
|
|
54983
56592
|
"CVE-2024-0132",
|
|
54984
56593
|
"CVE-2024-0769",
|
|
54985
56594
|
"CVE-2024-11182",
|
|
54986
56595
|
"CVE-2024-12987",
|
|
56596
|
+
"CVE-2024-1561",
|
|
54987
56597
|
"CVE-2024-1708",
|
|
54988
56598
|
"CVE-2024-21762",
|
|
54989
56599
|
"CVE-2024-27199",
|
|
54990
56600
|
"CVE-2024-27443",
|
|
56601
|
+
"CVE-2024-37032",
|
|
54991
56602
|
"CVE-2024-37079",
|
|
56603
|
+
"CVE-2024-39722",
|
|
54992
56604
|
"CVE-2024-42009",
|
|
54993
56605
|
"CVE-2024-42478",
|
|
54994
56606
|
"CVE-2024-42479",
|
|
@@ -55441,7 +57053,9 @@
|
|
|
55441
57053
|
"BUG-2026-NIGHTMARE-ECLIPSE-YELLOWKEY",
|
|
55442
57054
|
"CVE-2023-43472",
|
|
55443
57055
|
"CVE-2023-48022",
|
|
57056
|
+
"CVE-2023-51449",
|
|
55444
57057
|
"CVE-2024-0132",
|
|
57058
|
+
"CVE-2024-1561",
|
|
55445
57059
|
"CVE-2024-3094",
|
|
55446
57060
|
"CVE-2024-3154",
|
|
55447
57061
|
"CVE-2024-40635",
|
|
@@ -55805,9 +57419,13 @@
|
|
|
55805
57419
|
"CVE-2023-43472",
|
|
55806
57420
|
"CVE-2023-43654",
|
|
55807
57421
|
"CVE-2023-48022",
|
|
57422
|
+
"CVE-2023-51449",
|
|
55808
57423
|
"CVE-2024-0132",
|
|
57424
|
+
"CVE-2024-1561",
|
|
55809
57425
|
"CVE-2024-3094",
|
|
55810
57426
|
"CVE-2024-3154",
|
|
57427
|
+
"CVE-2024-37032",
|
|
57428
|
+
"CVE-2024-39722",
|
|
55811
57429
|
"CVE-2024-42478",
|
|
55812
57430
|
"CVE-2024-42479",
|
|
55813
57431
|
"CVE-2024-50050",
|
|
@@ -56413,9 +58031,13 @@
|
|
|
56413
58031
|
"CVE-2023-43472",
|
|
56414
58032
|
"CVE-2023-43654",
|
|
56415
58033
|
"CVE-2023-48022",
|
|
58034
|
+
"CVE-2023-51449",
|
|
56416
58035
|
"CVE-2024-0132",
|
|
58036
|
+
"CVE-2024-1561",
|
|
56417
58037
|
"CVE-2024-3094",
|
|
56418
58038
|
"CVE-2024-3154",
|
|
58039
|
+
"CVE-2024-37032",
|
|
58040
|
+
"CVE-2024-39722",
|
|
56419
58041
|
"CVE-2024-42478",
|
|
56420
58042
|
"CVE-2024-42479",
|
|
56421
58043
|
"CVE-2024-50050",
|
|
@@ -56659,8 +58281,12 @@
|
|
|
56659
58281
|
"CVE-2022-1471",
|
|
56660
58282
|
"CVE-2023-43654",
|
|
56661
58283
|
"CVE-2023-48022",
|
|
58284
|
+
"CVE-2023-51449",
|
|
56662
58285
|
"CVE-2024-0132",
|
|
58286
|
+
"CVE-2024-1561",
|
|
56663
58287
|
"CVE-2024-3094",
|
|
58288
|
+
"CVE-2024-37032",
|
|
58289
|
+
"CVE-2024-39722",
|
|
56664
58290
|
"CVE-2024-42478",
|
|
56665
58291
|
"CVE-2024-42479",
|
|
56666
58292
|
"CVE-2024-50050",
|
|
@@ -57331,9 +58957,13 @@
|
|
|
57331
58957
|
"CVE-2023-43472",
|
|
57332
58958
|
"CVE-2023-43654",
|
|
57333
58959
|
"CVE-2023-48022",
|
|
58960
|
+
"CVE-2023-51449",
|
|
57334
58961
|
"CVE-2024-0132",
|
|
58962
|
+
"CVE-2024-1561",
|
|
57335
58963
|
"CVE-2024-3094",
|
|
57336
58964
|
"CVE-2024-3154",
|
|
58965
|
+
"CVE-2024-37032",
|
|
58966
|
+
"CVE-2024-39722",
|
|
57337
58967
|
"CVE-2024-42478",
|
|
57338
58968
|
"CVE-2024-42479",
|
|
57339
58969
|
"CVE-2024-50050",
|
|
@@ -57580,16 +59210,20 @@
|
|
|
57580
59210
|
"CVE-2023-43654",
|
|
57581
59211
|
"CVE-2023-48022",
|
|
57582
59212
|
"CVE-2023-50224",
|
|
59213
|
+
"CVE-2023-51449",
|
|
57583
59214
|
"CVE-2023-52163",
|
|
57584
59215
|
"CVE-2024-0132",
|
|
57585
59216
|
"CVE-2024-0769",
|
|
57586
59217
|
"CVE-2024-11182",
|
|
57587
59218
|
"CVE-2024-12987",
|
|
59219
|
+
"CVE-2024-1561",
|
|
57588
59220
|
"CVE-2024-1708",
|
|
57589
59221
|
"CVE-2024-21762",
|
|
57590
59222
|
"CVE-2024-27199",
|
|
57591
59223
|
"CVE-2024-27443",
|
|
59224
|
+
"CVE-2024-37032",
|
|
57592
59225
|
"CVE-2024-37079",
|
|
59226
|
+
"CVE-2024-39722",
|
|
57593
59227
|
"CVE-2024-42009",
|
|
57594
59228
|
"CVE-2024-42478",
|
|
57595
59229
|
"CVE-2024-42479",
|
|
@@ -58009,16 +59643,20 @@
|
|
|
58009
59643
|
"CVE-2023-43654",
|
|
58010
59644
|
"CVE-2023-48022",
|
|
58011
59645
|
"CVE-2023-50224",
|
|
59646
|
+
"CVE-2023-51449",
|
|
58012
59647
|
"CVE-2023-52163",
|
|
58013
59648
|
"CVE-2024-0132",
|
|
58014
59649
|
"CVE-2024-0769",
|
|
58015
59650
|
"CVE-2024-11182",
|
|
58016
59651
|
"CVE-2024-12987",
|
|
59652
|
+
"CVE-2024-1561",
|
|
58017
59653
|
"CVE-2024-1708",
|
|
58018
59654
|
"CVE-2024-21762",
|
|
58019
59655
|
"CVE-2024-27199",
|
|
58020
59656
|
"CVE-2024-27443",
|
|
59657
|
+
"CVE-2024-37032",
|
|
58021
59658
|
"CVE-2024-37079",
|
|
59659
|
+
"CVE-2024-39722",
|
|
58022
59660
|
"CVE-2024-42009",
|
|
58023
59661
|
"CVE-2024-42478",
|
|
58024
59662
|
"CVE-2024-42479",
|
|
@@ -58470,9 +60108,13 @@
|
|
|
58470
60108
|
"CVE-2023-43472",
|
|
58471
60109
|
"CVE-2023-43654",
|
|
58472
60110
|
"CVE-2023-48022",
|
|
60111
|
+
"CVE-2023-51449",
|
|
58473
60112
|
"CVE-2024-0132",
|
|
60113
|
+
"CVE-2024-1561",
|
|
58474
60114
|
"CVE-2024-3094",
|
|
58475
60115
|
"CVE-2024-3154",
|
|
60116
|
+
"CVE-2024-37032",
|
|
60117
|
+
"CVE-2024-39722",
|
|
58476
60118
|
"CVE-2024-42478",
|
|
58477
60119
|
"CVE-2024-42479",
|
|
58478
60120
|
"CVE-2024-50050",
|
|
@@ -59271,16 +60913,20 @@
|
|
|
59271
60913
|
"CVE-2023-43654",
|
|
59272
60914
|
"CVE-2023-48022",
|
|
59273
60915
|
"CVE-2023-50224",
|
|
60916
|
+
"CVE-2023-51449",
|
|
59274
60917
|
"CVE-2023-52163",
|
|
59275
60918
|
"CVE-2024-0132",
|
|
59276
60919
|
"CVE-2024-0769",
|
|
59277
60920
|
"CVE-2024-11182",
|
|
59278
60921
|
"CVE-2024-12987",
|
|
60922
|
+
"CVE-2024-1561",
|
|
59279
60923
|
"CVE-2024-1708",
|
|
59280
60924
|
"CVE-2024-21762",
|
|
59281
60925
|
"CVE-2024-27199",
|
|
59282
60926
|
"CVE-2024-27443",
|
|
60927
|
+
"CVE-2024-37032",
|
|
59283
60928
|
"CVE-2024-37079",
|
|
60929
|
+
"CVE-2024-39722",
|
|
59284
60930
|
"CVE-2024-42009",
|
|
59285
60931
|
"CVE-2024-42478",
|
|
59286
60932
|
"CVE-2024-42479",
|
|
@@ -59796,9 +61442,13 @@
|
|
|
59796
61442
|
"CVE-2023-43472",
|
|
59797
61443
|
"CVE-2023-43654",
|
|
59798
61444
|
"CVE-2023-48022",
|
|
61445
|
+
"CVE-2023-51449",
|
|
59799
61446
|
"CVE-2024-0132",
|
|
61447
|
+
"CVE-2024-1561",
|
|
59800
61448
|
"CVE-2024-3094",
|
|
59801
61449
|
"CVE-2024-3154",
|
|
61450
|
+
"CVE-2024-37032",
|
|
61451
|
+
"CVE-2024-39722",
|
|
59802
61452
|
"CVE-2024-42478",
|
|
59803
61453
|
"CVE-2024-42479",
|
|
59804
61454
|
"CVE-2024-50050",
|
|
@@ -60123,18 +61773,22 @@
|
|
|
60123
61773
|
"CVE-2023-43654",
|
|
60124
61774
|
"CVE-2023-48022",
|
|
60125
61775
|
"CVE-2023-50224",
|
|
61776
|
+
"CVE-2023-51449",
|
|
60126
61777
|
"CVE-2023-52163",
|
|
60127
61778
|
"CVE-2024-0132",
|
|
60128
61779
|
"CVE-2024-0769",
|
|
60129
61780
|
"CVE-2024-11182",
|
|
60130
61781
|
"CVE-2024-12987",
|
|
61782
|
+
"CVE-2024-1561",
|
|
60131
61783
|
"CVE-2024-1708",
|
|
60132
61784
|
"CVE-2024-21762",
|
|
60133
61785
|
"CVE-2024-27199",
|
|
60134
61786
|
"CVE-2024-27443",
|
|
60135
61787
|
"CVE-2024-3094",
|
|
60136
61788
|
"CVE-2024-3154",
|
|
61789
|
+
"CVE-2024-37032",
|
|
60137
61790
|
"CVE-2024-37079",
|
|
61791
|
+
"CVE-2024-39722",
|
|
60138
61792
|
"CVE-2024-42009",
|
|
60139
61793
|
"CVE-2024-42478",
|
|
60140
61794
|
"CVE-2024-42479",
|
|
@@ -60667,9 +62321,13 @@
|
|
|
60667
62321
|
"CVE-2022-1471",
|
|
60668
62322
|
"CVE-2023-43654",
|
|
60669
62323
|
"CVE-2023-48022",
|
|
62324
|
+
"CVE-2023-51449",
|
|
60670
62325
|
"CVE-2024-0132",
|
|
62326
|
+
"CVE-2024-1561",
|
|
60671
62327
|
"CVE-2024-3094",
|
|
60672
62328
|
"CVE-2024-3154",
|
|
62329
|
+
"CVE-2024-37032",
|
|
62330
|
+
"CVE-2024-39722",
|
|
60673
62331
|
"CVE-2024-42478",
|
|
60674
62332
|
"CVE-2024-42479",
|
|
60675
62333
|
"CVE-2024-50050",
|
|
@@ -61610,9 +63268,13 @@
|
|
|
61610
63268
|
"CVE-2023-43472",
|
|
61611
63269
|
"CVE-2023-43654",
|
|
61612
63270
|
"CVE-2023-48022",
|
|
63271
|
+
"CVE-2023-51449",
|
|
61613
63272
|
"CVE-2024-0132",
|
|
63273
|
+
"CVE-2024-1561",
|
|
61614
63274
|
"CVE-2024-3094",
|
|
61615
63275
|
"CVE-2024-3154",
|
|
63276
|
+
"CVE-2024-37032",
|
|
63277
|
+
"CVE-2024-39722",
|
|
61616
63278
|
"CVE-2024-42478",
|
|
61617
63279
|
"CVE-2024-42479",
|
|
61618
63280
|
"CVE-2024-50050",
|
|
@@ -61717,7 +63379,11 @@
|
|
|
61717
63379
|
"CVE-2022-1471",
|
|
61718
63380
|
"CVE-2023-43654",
|
|
61719
63381
|
"CVE-2023-48022",
|
|
63382
|
+
"CVE-2023-51449",
|
|
61720
63383
|
"CVE-2024-0132",
|
|
63384
|
+
"CVE-2024-1561",
|
|
63385
|
+
"CVE-2024-37032",
|
|
63386
|
+
"CVE-2024-39722",
|
|
61721
63387
|
"CVE-2024-42478",
|
|
61722
63388
|
"CVE-2024-42479",
|
|
61723
63389
|
"CVE-2024-50050",
|
|
@@ -61894,7 +63560,11 @@
|
|
|
61894
63560
|
"CVE-2023-43472",
|
|
61895
63561
|
"CVE-2023-43654",
|
|
61896
63562
|
"CVE-2023-48022",
|
|
63563
|
+
"CVE-2023-51449",
|
|
61897
63564
|
"CVE-2024-0132",
|
|
63565
|
+
"CVE-2024-1561",
|
|
63566
|
+
"CVE-2024-37032",
|
|
63567
|
+
"CVE-2024-39722",
|
|
61898
63568
|
"CVE-2024-42478",
|
|
61899
63569
|
"CVE-2024-42479",
|
|
61900
63570
|
"CVE-2024-50050",
|
|
@@ -62320,16 +63990,20 @@
|
|
|
62320
63990
|
"CVE-2023-43000",
|
|
62321
63991
|
"CVE-2023-43654",
|
|
62322
63992
|
"CVE-2023-50224",
|
|
63993
|
+
"CVE-2023-51449",
|
|
62323
63994
|
"CVE-2023-52163",
|
|
62324
63995
|
"CVE-2024-0769",
|
|
62325
63996
|
"CVE-2024-11182",
|
|
62326
63997
|
"CVE-2024-12987",
|
|
63998
|
+
"CVE-2024-1561",
|
|
62327
63999
|
"CVE-2024-1708",
|
|
62328
64000
|
"CVE-2024-21762",
|
|
62329
64001
|
"CVE-2024-27199",
|
|
62330
64002
|
"CVE-2024-27443",
|
|
62331
64003
|
"CVE-2024-3094",
|
|
64004
|
+
"CVE-2024-37032",
|
|
62332
64005
|
"CVE-2024-37079",
|
|
64006
|
+
"CVE-2024-39722",
|
|
62333
64007
|
"CVE-2024-42009",
|
|
62334
64008
|
"CVE-2024-42478",
|
|
62335
64009
|
"CVE-2024-42479",
|
|
@@ -62770,9 +64444,13 @@
|
|
|
62770
64444
|
"CVE-2023-43472",
|
|
62771
64445
|
"CVE-2023-43654",
|
|
62772
64446
|
"CVE-2023-48022",
|
|
64447
|
+
"CVE-2023-51449",
|
|
62773
64448
|
"CVE-2024-0132",
|
|
64449
|
+
"CVE-2024-1561",
|
|
62774
64450
|
"CVE-2024-3094",
|
|
62775
64451
|
"CVE-2024-3154",
|
|
64452
|
+
"CVE-2024-37032",
|
|
64453
|
+
"CVE-2024-39722",
|
|
62776
64454
|
"CVE-2024-42478",
|
|
62777
64455
|
"CVE-2024-42479",
|
|
62778
64456
|
"CVE-2024-50050",
|
|
@@ -63070,8 +64748,12 @@
|
|
|
63070
64748
|
"CVE-2023-43472",
|
|
63071
64749
|
"CVE-2023-43654",
|
|
63072
64750
|
"CVE-2023-48022",
|
|
64751
|
+
"CVE-2023-51449",
|
|
63073
64752
|
"CVE-2024-0132",
|
|
64753
|
+
"CVE-2024-1561",
|
|
63074
64754
|
"CVE-2024-3094",
|
|
64755
|
+
"CVE-2024-37032",
|
|
64756
|
+
"CVE-2024-39722",
|
|
63075
64757
|
"CVE-2024-40635",
|
|
63076
64758
|
"CVE-2024-42478",
|
|
63077
64759
|
"CVE-2024-42479",
|