@blamejs/exceptd-skills 0.13.91 → 0.13.93
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +1682 -0
- package/data/atlas-ttps.json +6 -0
- package/data/attack-techniques.json +8 -0
- package/data/cve-catalog.json +416 -0
- package/data/cwe-catalog.json +4 -0
- package/data/framework-control-gaps.json +32 -0
- package/data/zeroday-lessons.json +200 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -32327,6 +32327,1594 @@
|
|
|
32327
32327
|
]
|
|
32328
32328
|
}
|
|
32329
32329
|
},
|
|
32330
|
+
"CVE-2024-21575": {
|
|
32331
|
+
"name": "ComfyUI-Impact-Pack Path Traversal Arbitrary File Write to RCE",
|
|
32332
|
+
"rwep": 29,
|
|
32333
|
+
"cvss": 8.6,
|
|
32334
|
+
"cisa_kev": false,
|
|
32335
|
+
"epss_score": null,
|
|
32336
|
+
"referencing_skills": [
|
|
32337
|
+
"kernel-lpe-triage",
|
|
32338
|
+
"ai-attack-surface",
|
|
32339
|
+
"compliance-theater",
|
|
32340
|
+
"ai-c2-detection",
|
|
32341
|
+
"attack-surface-pentest",
|
|
32342
|
+
"dlp-gap-analysis",
|
|
32343
|
+
"ot-ics-security",
|
|
32344
|
+
"coordinated-vuln-disclosure",
|
|
32345
|
+
"sector-energy"
|
|
32346
|
+
],
|
|
32347
|
+
"chain": {
|
|
32348
|
+
"cwes": [
|
|
32349
|
+
{
|
|
32350
|
+
"id": "CWE-1037",
|
|
32351
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
32352
|
+
"category": "Hardware / Side Channel"
|
|
32353
|
+
},
|
|
32354
|
+
{
|
|
32355
|
+
"id": "CWE-1039",
|
|
32356
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
32357
|
+
"category": "AI/ML"
|
|
32358
|
+
},
|
|
32359
|
+
{
|
|
32360
|
+
"id": "CWE-125",
|
|
32361
|
+
"name": "Out-of-bounds Read",
|
|
32362
|
+
"category": "Memory Safety"
|
|
32363
|
+
},
|
|
32364
|
+
{
|
|
32365
|
+
"id": "CWE-1357",
|
|
32366
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
32367
|
+
"category": "Supply Chain"
|
|
32368
|
+
},
|
|
32369
|
+
{
|
|
32370
|
+
"id": "CWE-1395",
|
|
32371
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
32372
|
+
"category": "Supply Chain"
|
|
32373
|
+
},
|
|
32374
|
+
{
|
|
32375
|
+
"id": "CWE-1426",
|
|
32376
|
+
"name": "Improper Validation of Generative AI Output",
|
|
32377
|
+
"category": "AI/ML"
|
|
32378
|
+
},
|
|
32379
|
+
{
|
|
32380
|
+
"id": "CWE-200",
|
|
32381
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
32382
|
+
"category": "Information Exposure"
|
|
32383
|
+
},
|
|
32384
|
+
{
|
|
32385
|
+
"id": "CWE-22",
|
|
32386
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
32387
|
+
"category": "Path/Resource"
|
|
32388
|
+
},
|
|
32389
|
+
{
|
|
32390
|
+
"id": "CWE-269",
|
|
32391
|
+
"name": "Improper Privilege Management",
|
|
32392
|
+
"category": "Authorization"
|
|
32393
|
+
},
|
|
32394
|
+
{
|
|
32395
|
+
"id": "CWE-287",
|
|
32396
|
+
"name": "Improper Authentication",
|
|
32397
|
+
"category": "Authentication"
|
|
32398
|
+
},
|
|
32399
|
+
{
|
|
32400
|
+
"id": "CWE-306",
|
|
32401
|
+
"name": "Missing Authentication for Critical Function",
|
|
32402
|
+
"category": "Authentication"
|
|
32403
|
+
},
|
|
32404
|
+
{
|
|
32405
|
+
"id": "CWE-352",
|
|
32406
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
32407
|
+
"category": "Session"
|
|
32408
|
+
},
|
|
32409
|
+
{
|
|
32410
|
+
"id": "CWE-362",
|
|
32411
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
32412
|
+
"category": "Concurrency"
|
|
32413
|
+
},
|
|
32414
|
+
{
|
|
32415
|
+
"id": "CWE-416",
|
|
32416
|
+
"name": "Use After Free",
|
|
32417
|
+
"category": "Memory Safety"
|
|
32418
|
+
},
|
|
32419
|
+
{
|
|
32420
|
+
"id": "CWE-434",
|
|
32421
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
32422
|
+
"category": "File Handling"
|
|
32423
|
+
},
|
|
32424
|
+
{
|
|
32425
|
+
"id": "CWE-672",
|
|
32426
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
32427
|
+
"category": "Memory Safety"
|
|
32428
|
+
},
|
|
32429
|
+
{
|
|
32430
|
+
"id": "CWE-732",
|
|
32431
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
32432
|
+
"category": "Authorization"
|
|
32433
|
+
},
|
|
32434
|
+
{
|
|
32435
|
+
"id": "CWE-78",
|
|
32436
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
32437
|
+
"category": "Injection"
|
|
32438
|
+
},
|
|
32439
|
+
{
|
|
32440
|
+
"id": "CWE-787",
|
|
32441
|
+
"name": "Out-of-bounds Write",
|
|
32442
|
+
"category": "Memory Safety"
|
|
32443
|
+
},
|
|
32444
|
+
{
|
|
32445
|
+
"id": "CWE-79",
|
|
32446
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
32447
|
+
"category": "Injection"
|
|
32448
|
+
},
|
|
32449
|
+
{
|
|
32450
|
+
"id": "CWE-798",
|
|
32451
|
+
"name": "Use of Hard-coded Credentials",
|
|
32452
|
+
"category": "Credentials"
|
|
32453
|
+
},
|
|
32454
|
+
{
|
|
32455
|
+
"id": "CWE-89",
|
|
32456
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
32457
|
+
"category": "Injection"
|
|
32458
|
+
},
|
|
32459
|
+
{
|
|
32460
|
+
"id": "CWE-918",
|
|
32461
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
32462
|
+
"category": "Network"
|
|
32463
|
+
},
|
|
32464
|
+
{
|
|
32465
|
+
"id": "CWE-94",
|
|
32466
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
32467
|
+
"category": "Injection"
|
|
32468
|
+
}
|
|
32469
|
+
],
|
|
32470
|
+
"atlas": [
|
|
32471
|
+
{
|
|
32472
|
+
"id": "AML.T0010",
|
|
32473
|
+
"name": "ML Supply Chain Compromise",
|
|
32474
|
+
"tactic": "Initial Access"
|
|
32475
|
+
},
|
|
32476
|
+
{
|
|
32477
|
+
"id": "AML.T0016",
|
|
32478
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
32479
|
+
"tactic": "Resource Development"
|
|
32480
|
+
},
|
|
32481
|
+
{
|
|
32482
|
+
"id": "AML.T0017",
|
|
32483
|
+
"name": "Discover ML Model Ontology",
|
|
32484
|
+
"tactic": "Discovery"
|
|
32485
|
+
},
|
|
32486
|
+
{
|
|
32487
|
+
"id": "AML.T0018",
|
|
32488
|
+
"name": "Backdoor ML Model",
|
|
32489
|
+
"tactic": "Persistence"
|
|
32490
|
+
},
|
|
32491
|
+
{
|
|
32492
|
+
"id": "AML.T0020",
|
|
32493
|
+
"name": "Poison Training Data",
|
|
32494
|
+
"tactic": "ML Attack Staging"
|
|
32495
|
+
},
|
|
32496
|
+
{
|
|
32497
|
+
"id": "AML.T0043",
|
|
32498
|
+
"name": "Craft Adversarial Data",
|
|
32499
|
+
"tactic": "ML Attack Staging"
|
|
32500
|
+
},
|
|
32501
|
+
{
|
|
32502
|
+
"id": "AML.T0051",
|
|
32503
|
+
"name": "LLM Prompt Injection",
|
|
32504
|
+
"tactic": "Execution"
|
|
32505
|
+
},
|
|
32506
|
+
{
|
|
32507
|
+
"id": "AML.T0054",
|
|
32508
|
+
"name": "LLM Jailbreak",
|
|
32509
|
+
"tactic": "Defense Evasion"
|
|
32510
|
+
},
|
|
32511
|
+
{
|
|
32512
|
+
"id": "AML.T0096",
|
|
32513
|
+
"name": "AI API as Covert C2 Channel",
|
|
32514
|
+
"tactic": "Command and Control"
|
|
32515
|
+
}
|
|
32516
|
+
],
|
|
32517
|
+
"d3fend": [
|
|
32518
|
+
{
|
|
32519
|
+
"id": "D3-ASLR",
|
|
32520
|
+
"name": "Address Space Layout Randomization",
|
|
32521
|
+
"tactic": "Harden"
|
|
32522
|
+
},
|
|
32523
|
+
{
|
|
32524
|
+
"id": "D3-CA",
|
|
32525
|
+
"name": "Certificate Analysis",
|
|
32526
|
+
"tactic": "Detect"
|
|
32527
|
+
},
|
|
32528
|
+
{
|
|
32529
|
+
"id": "D3-CSPP",
|
|
32530
|
+
"name": "Client-server Payload Profiling",
|
|
32531
|
+
"tactic": "Detect"
|
|
32532
|
+
},
|
|
32533
|
+
{
|
|
32534
|
+
"id": "D3-DA",
|
|
32535
|
+
"name": "Domain Analysis",
|
|
32536
|
+
"tactic": "Detect"
|
|
32537
|
+
},
|
|
32538
|
+
{
|
|
32539
|
+
"id": "D3-EAL",
|
|
32540
|
+
"name": "Executable Allowlisting",
|
|
32541
|
+
"tactic": "Harden"
|
|
32542
|
+
},
|
|
32543
|
+
{
|
|
32544
|
+
"id": "D3-IOPR",
|
|
32545
|
+
"name": "Input/Output Profiling Resource",
|
|
32546
|
+
"tactic": "Detect"
|
|
32547
|
+
},
|
|
32548
|
+
{
|
|
32549
|
+
"id": "D3-NI",
|
|
32550
|
+
"name": "Network Isolation",
|
|
32551
|
+
"tactic": "Isolate"
|
|
32552
|
+
},
|
|
32553
|
+
{
|
|
32554
|
+
"id": "D3-NTA",
|
|
32555
|
+
"name": "Network Traffic Analysis",
|
|
32556
|
+
"tactic": "Detect"
|
|
32557
|
+
},
|
|
32558
|
+
{
|
|
32559
|
+
"id": "D3-NTPM",
|
|
32560
|
+
"name": "Network Traffic Policy Mapping",
|
|
32561
|
+
"tactic": "Model"
|
|
32562
|
+
},
|
|
32563
|
+
{
|
|
32564
|
+
"id": "D3-PHRA",
|
|
32565
|
+
"name": "Process Hardware Resource Access",
|
|
32566
|
+
"tactic": "Isolate"
|
|
32567
|
+
},
|
|
32568
|
+
{
|
|
32569
|
+
"id": "D3-PSEP",
|
|
32570
|
+
"name": "Process Segment Execution Prevention",
|
|
32571
|
+
"tactic": "Harden"
|
|
32572
|
+
}
|
|
32573
|
+
],
|
|
32574
|
+
"framework_gaps": [
|
|
32575
|
+
{
|
|
32576
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
32577
|
+
"framework": "ALL",
|
|
32578
|
+
"control_name": "AI Pipeline Integrity"
|
|
32579
|
+
},
|
|
32580
|
+
{
|
|
32581
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
32582
|
+
"framework": "ALL",
|
|
32583
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
32584
|
+
},
|
|
32585
|
+
{
|
|
32586
|
+
"id": "CIS-Controls-v8-Control7",
|
|
32587
|
+
"framework": "CIS Controls v8",
|
|
32588
|
+
"control_name": "Continuous Vulnerability Management"
|
|
32589
|
+
},
|
|
32590
|
+
{
|
|
32591
|
+
"id": "CMMC-2.0-Level-2",
|
|
32592
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
32593
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
32594
|
+
},
|
|
32595
|
+
{
|
|
32596
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
32597
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
32598
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
32599
|
+
},
|
|
32600
|
+
{
|
|
32601
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
32602
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
32603
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
32604
|
+
},
|
|
32605
|
+
{
|
|
32606
|
+
"id": "IEC-62443-3-3",
|
|
32607
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
32608
|
+
"control_name": "System security requirements and security levels"
|
|
32609
|
+
},
|
|
32610
|
+
{
|
|
32611
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
32612
|
+
"framework": "ISO/IEC 27001:2022",
|
|
32613
|
+
"control_name": "Monitoring activities"
|
|
32614
|
+
},
|
|
32615
|
+
{
|
|
32616
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
32617
|
+
"framework": "ISO/IEC 27001:2022",
|
|
32618
|
+
"control_name": "Secure coding"
|
|
32619
|
+
},
|
|
32620
|
+
{
|
|
32621
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
32622
|
+
"framework": "ISO/IEC 27001:2022",
|
|
32623
|
+
"control_name": "Management of technical vulnerabilities"
|
|
32624
|
+
},
|
|
32625
|
+
{
|
|
32626
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
32627
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
32628
|
+
"control_name": "AI risk management process"
|
|
32629
|
+
},
|
|
32630
|
+
{
|
|
32631
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
32632
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
32633
|
+
"control_name": "AI risk assessment"
|
|
32634
|
+
},
|
|
32635
|
+
{
|
|
32636
|
+
"id": "NERC-CIP-007-6-R4",
|
|
32637
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
32638
|
+
"control_name": "Security event monitoring"
|
|
32639
|
+
},
|
|
32640
|
+
{
|
|
32641
|
+
"id": "NIS2-Art21-patch-management",
|
|
32642
|
+
"framework": "EU NIS2 Directive",
|
|
32643
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
32644
|
+
},
|
|
32645
|
+
{
|
|
32646
|
+
"id": "NIST-800-115",
|
|
32647
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
32648
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
32649
|
+
},
|
|
32650
|
+
{
|
|
32651
|
+
"id": "NIST-800-218-SSDF",
|
|
32652
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
32653
|
+
"control_name": "Secure Software Development Framework"
|
|
32654
|
+
},
|
|
32655
|
+
{
|
|
32656
|
+
"id": "NIST-800-53-AC-2",
|
|
32657
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32658
|
+
"control_name": "Account Management"
|
|
32659
|
+
},
|
|
32660
|
+
{
|
|
32661
|
+
"id": "NIST-800-53-SC-28",
|
|
32662
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32663
|
+
"control_name": "Protection of Information at Rest"
|
|
32664
|
+
},
|
|
32665
|
+
{
|
|
32666
|
+
"id": "NIST-800-53-SC-7",
|
|
32667
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32668
|
+
"control_name": "Boundary Protection"
|
|
32669
|
+
},
|
|
32670
|
+
{
|
|
32671
|
+
"id": "NIST-800-53-SC-8",
|
|
32672
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32673
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
32674
|
+
},
|
|
32675
|
+
{
|
|
32676
|
+
"id": "NIST-800-53-SI-2",
|
|
32677
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32678
|
+
"control_name": "Flaw Remediation"
|
|
32679
|
+
},
|
|
32680
|
+
{
|
|
32681
|
+
"id": "NIST-800-53-SI-3",
|
|
32682
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
32683
|
+
"control_name": "Malicious Code Protection"
|
|
32684
|
+
},
|
|
32685
|
+
{
|
|
32686
|
+
"id": "NIST-800-82r3",
|
|
32687
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
32688
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
32689
|
+
},
|
|
32690
|
+
{
|
|
32691
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
32692
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
32693
|
+
"control_name": "Prompt Injection"
|
|
32694
|
+
},
|
|
32695
|
+
{
|
|
32696
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
32697
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
32698
|
+
"control_name": "Sensitive Information Disclosure"
|
|
32699
|
+
},
|
|
32700
|
+
{
|
|
32701
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
32702
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
32703
|
+
"control_name": "Web application penetration testing methodology"
|
|
32704
|
+
},
|
|
32705
|
+
{
|
|
32706
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
32707
|
+
"framework": "PCI DSS 4.0",
|
|
32708
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
32709
|
+
},
|
|
32710
|
+
{
|
|
32711
|
+
"id": "PTES-Pre-engagement",
|
|
32712
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
32713
|
+
"control_name": "Pre-engagement Interactions"
|
|
32714
|
+
},
|
|
32715
|
+
{
|
|
32716
|
+
"id": "SOC2-CC6-logical-access",
|
|
32717
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
32718
|
+
"control_name": "Logical and Physical Access Controls"
|
|
32719
|
+
},
|
|
32720
|
+
{
|
|
32721
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
32722
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
32723
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
32724
|
+
},
|
|
32725
|
+
{
|
|
32726
|
+
"id": "SOC2-CC9-vendor-management",
|
|
32727
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
32728
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
32729
|
+
}
|
|
32730
|
+
],
|
|
32731
|
+
"attack_refs": [
|
|
32732
|
+
"T0855",
|
|
32733
|
+
"T0883",
|
|
32734
|
+
"T1041",
|
|
32735
|
+
"T1059",
|
|
32736
|
+
"T1068",
|
|
32737
|
+
"T1071",
|
|
32738
|
+
"T1078",
|
|
32739
|
+
"T1102",
|
|
32740
|
+
"T1133",
|
|
32741
|
+
"T1190",
|
|
32742
|
+
"T1213",
|
|
32743
|
+
"T1530",
|
|
32744
|
+
"T1548.001",
|
|
32745
|
+
"T1566",
|
|
32746
|
+
"T1567",
|
|
32747
|
+
"T1568"
|
|
32748
|
+
],
|
|
32749
|
+
"rfc_refs": [
|
|
32750
|
+
"RFC-4301",
|
|
32751
|
+
"RFC-4303",
|
|
32752
|
+
"RFC-7296",
|
|
32753
|
+
"RFC-8446",
|
|
32754
|
+
"RFC-9000",
|
|
32755
|
+
"RFC-9114",
|
|
32756
|
+
"RFC-9180",
|
|
32757
|
+
"RFC-9421",
|
|
32758
|
+
"RFC-9458"
|
|
32759
|
+
]
|
|
32760
|
+
}
|
|
32761
|
+
},
|
|
32762
|
+
"CVE-2024-21576": {
|
|
32763
|
+
"name": "ComfyUI-Bmad-Nodes Workflow Code Injection RCE",
|
|
32764
|
+
"rwep": 29,
|
|
32765
|
+
"cvss": 10,
|
|
32766
|
+
"cisa_kev": false,
|
|
32767
|
+
"epss_score": null,
|
|
32768
|
+
"referencing_skills": [
|
|
32769
|
+
"kernel-lpe-triage",
|
|
32770
|
+
"ai-attack-surface",
|
|
32771
|
+
"compliance-theater",
|
|
32772
|
+
"ai-c2-detection",
|
|
32773
|
+
"attack-surface-pentest",
|
|
32774
|
+
"dlp-gap-analysis",
|
|
32775
|
+
"ot-ics-security",
|
|
32776
|
+
"coordinated-vuln-disclosure",
|
|
32777
|
+
"sector-energy"
|
|
32778
|
+
],
|
|
32779
|
+
"chain": {
|
|
32780
|
+
"cwes": [
|
|
32781
|
+
{
|
|
32782
|
+
"id": "CWE-1037",
|
|
32783
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
32784
|
+
"category": "Hardware / Side Channel"
|
|
32785
|
+
},
|
|
32786
|
+
{
|
|
32787
|
+
"id": "CWE-1039",
|
|
32788
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
32789
|
+
"category": "AI/ML"
|
|
32790
|
+
},
|
|
32791
|
+
{
|
|
32792
|
+
"id": "CWE-125",
|
|
32793
|
+
"name": "Out-of-bounds Read",
|
|
32794
|
+
"category": "Memory Safety"
|
|
32795
|
+
},
|
|
32796
|
+
{
|
|
32797
|
+
"id": "CWE-1357",
|
|
32798
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
32799
|
+
"category": "Supply Chain"
|
|
32800
|
+
},
|
|
32801
|
+
{
|
|
32802
|
+
"id": "CWE-1395",
|
|
32803
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
32804
|
+
"category": "Supply Chain"
|
|
32805
|
+
},
|
|
32806
|
+
{
|
|
32807
|
+
"id": "CWE-1426",
|
|
32808
|
+
"name": "Improper Validation of Generative AI Output",
|
|
32809
|
+
"category": "AI/ML"
|
|
32810
|
+
},
|
|
32811
|
+
{
|
|
32812
|
+
"id": "CWE-200",
|
|
32813
|
+
"name": "Exposure of Sensitive Information to an Unauthorized Actor",
|
|
32814
|
+
"category": "Information Exposure"
|
|
32815
|
+
},
|
|
32816
|
+
{
|
|
32817
|
+
"id": "CWE-22",
|
|
32818
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
32819
|
+
"category": "Path/Resource"
|
|
32820
|
+
},
|
|
32821
|
+
{
|
|
32822
|
+
"id": "CWE-269",
|
|
32823
|
+
"name": "Improper Privilege Management",
|
|
32824
|
+
"category": "Authorization"
|
|
32825
|
+
},
|
|
32826
|
+
{
|
|
32827
|
+
"id": "CWE-287",
|
|
32828
|
+
"name": "Improper Authentication",
|
|
32829
|
+
"category": "Authentication"
|
|
32830
|
+
},
|
|
32831
|
+
{
|
|
32832
|
+
"id": "CWE-306",
|
|
32833
|
+
"name": "Missing Authentication for Critical Function",
|
|
32834
|
+
"category": "Authentication"
|
|
32835
|
+
},
|
|
32836
|
+
{
|
|
32837
|
+
"id": "CWE-352",
|
|
32838
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
32839
|
+
"category": "Session"
|
|
32840
|
+
},
|
|
32841
|
+
{
|
|
32842
|
+
"id": "CWE-362",
|
|
32843
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
32844
|
+
"category": "Concurrency"
|
|
32845
|
+
},
|
|
32846
|
+
{
|
|
32847
|
+
"id": "CWE-416",
|
|
32848
|
+
"name": "Use After Free",
|
|
32849
|
+
"category": "Memory Safety"
|
|
32850
|
+
},
|
|
32851
|
+
{
|
|
32852
|
+
"id": "CWE-434",
|
|
32853
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
32854
|
+
"category": "File Handling"
|
|
32855
|
+
},
|
|
32856
|
+
{
|
|
32857
|
+
"id": "CWE-672",
|
|
32858
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
32859
|
+
"category": "Memory Safety"
|
|
32860
|
+
},
|
|
32861
|
+
{
|
|
32862
|
+
"id": "CWE-732",
|
|
32863
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
32864
|
+
"category": "Authorization"
|
|
32865
|
+
},
|
|
32866
|
+
{
|
|
32867
|
+
"id": "CWE-78",
|
|
32868
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
32869
|
+
"category": "Injection"
|
|
32870
|
+
},
|
|
32871
|
+
{
|
|
32872
|
+
"id": "CWE-787",
|
|
32873
|
+
"name": "Out-of-bounds Write",
|
|
32874
|
+
"category": "Memory Safety"
|
|
32875
|
+
},
|
|
32876
|
+
{
|
|
32877
|
+
"id": "CWE-79",
|
|
32878
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
32879
|
+
"category": "Injection"
|
|
32880
|
+
},
|
|
32881
|
+
{
|
|
32882
|
+
"id": "CWE-798",
|
|
32883
|
+
"name": "Use of Hard-coded Credentials",
|
|
32884
|
+
"category": "Credentials"
|
|
32885
|
+
},
|
|
32886
|
+
{
|
|
32887
|
+
"id": "CWE-89",
|
|
32888
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
32889
|
+
"category": "Injection"
|
|
32890
|
+
},
|
|
32891
|
+
{
|
|
32892
|
+
"id": "CWE-918",
|
|
32893
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
32894
|
+
"category": "Network"
|
|
32895
|
+
},
|
|
32896
|
+
{
|
|
32897
|
+
"id": "CWE-94",
|
|
32898
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
32899
|
+
"category": "Injection"
|
|
32900
|
+
}
|
|
32901
|
+
],
|
|
32902
|
+
"atlas": [
|
|
32903
|
+
{
|
|
32904
|
+
"id": "AML.T0010",
|
|
32905
|
+
"name": "ML Supply Chain Compromise",
|
|
32906
|
+
"tactic": "Initial Access"
|
|
32907
|
+
},
|
|
32908
|
+
{
|
|
32909
|
+
"id": "AML.T0016",
|
|
32910
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
32911
|
+
"tactic": "Resource Development"
|
|
32912
|
+
},
|
|
32913
|
+
{
|
|
32914
|
+
"id": "AML.T0017",
|
|
32915
|
+
"name": "Discover ML Model Ontology",
|
|
32916
|
+
"tactic": "Discovery"
|
|
32917
|
+
},
|
|
32918
|
+
{
|
|
32919
|
+
"id": "AML.T0018",
|
|
32920
|
+
"name": "Backdoor ML Model",
|
|
32921
|
+
"tactic": "Persistence"
|
|
32922
|
+
},
|
|
32923
|
+
{
|
|
32924
|
+
"id": "AML.T0020",
|
|
32925
|
+
"name": "Poison Training Data",
|
|
32926
|
+
"tactic": "ML Attack Staging"
|
|
32927
|
+
},
|
|
32928
|
+
{
|
|
32929
|
+
"id": "AML.T0043",
|
|
32930
|
+
"name": "Craft Adversarial Data",
|
|
32931
|
+
"tactic": "ML Attack Staging"
|
|
32932
|
+
},
|
|
32933
|
+
{
|
|
32934
|
+
"id": "AML.T0051",
|
|
32935
|
+
"name": "LLM Prompt Injection",
|
|
32936
|
+
"tactic": "Execution"
|
|
32937
|
+
},
|
|
32938
|
+
{
|
|
32939
|
+
"id": "AML.T0054",
|
|
32940
|
+
"name": "LLM Jailbreak",
|
|
32941
|
+
"tactic": "Defense Evasion"
|
|
32942
|
+
},
|
|
32943
|
+
{
|
|
32944
|
+
"id": "AML.T0096",
|
|
32945
|
+
"name": "AI API as Covert C2 Channel",
|
|
32946
|
+
"tactic": "Command and Control"
|
|
32947
|
+
}
|
|
32948
|
+
],
|
|
32949
|
+
"d3fend": [
|
|
32950
|
+
{
|
|
32951
|
+
"id": "D3-ASLR",
|
|
32952
|
+
"name": "Address Space Layout Randomization",
|
|
32953
|
+
"tactic": "Harden"
|
|
32954
|
+
},
|
|
32955
|
+
{
|
|
32956
|
+
"id": "D3-CA",
|
|
32957
|
+
"name": "Certificate Analysis",
|
|
32958
|
+
"tactic": "Detect"
|
|
32959
|
+
},
|
|
32960
|
+
{
|
|
32961
|
+
"id": "D3-CSPP",
|
|
32962
|
+
"name": "Client-server Payload Profiling",
|
|
32963
|
+
"tactic": "Detect"
|
|
32964
|
+
},
|
|
32965
|
+
{
|
|
32966
|
+
"id": "D3-DA",
|
|
32967
|
+
"name": "Domain Analysis",
|
|
32968
|
+
"tactic": "Detect"
|
|
32969
|
+
},
|
|
32970
|
+
{
|
|
32971
|
+
"id": "D3-EAL",
|
|
32972
|
+
"name": "Executable Allowlisting",
|
|
32973
|
+
"tactic": "Harden"
|
|
32974
|
+
},
|
|
32975
|
+
{
|
|
32976
|
+
"id": "D3-IOPR",
|
|
32977
|
+
"name": "Input/Output Profiling Resource",
|
|
32978
|
+
"tactic": "Detect"
|
|
32979
|
+
},
|
|
32980
|
+
{
|
|
32981
|
+
"id": "D3-NI",
|
|
32982
|
+
"name": "Network Isolation",
|
|
32983
|
+
"tactic": "Isolate"
|
|
32984
|
+
},
|
|
32985
|
+
{
|
|
32986
|
+
"id": "D3-NTA",
|
|
32987
|
+
"name": "Network Traffic Analysis",
|
|
32988
|
+
"tactic": "Detect"
|
|
32989
|
+
},
|
|
32990
|
+
{
|
|
32991
|
+
"id": "D3-NTPM",
|
|
32992
|
+
"name": "Network Traffic Policy Mapping",
|
|
32993
|
+
"tactic": "Model"
|
|
32994
|
+
},
|
|
32995
|
+
{
|
|
32996
|
+
"id": "D3-PHRA",
|
|
32997
|
+
"name": "Process Hardware Resource Access",
|
|
32998
|
+
"tactic": "Isolate"
|
|
32999
|
+
},
|
|
33000
|
+
{
|
|
33001
|
+
"id": "D3-PSEP",
|
|
33002
|
+
"name": "Process Segment Execution Prevention",
|
|
33003
|
+
"tactic": "Harden"
|
|
33004
|
+
}
|
|
33005
|
+
],
|
|
33006
|
+
"framework_gaps": [
|
|
33007
|
+
{
|
|
33008
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
33009
|
+
"framework": "ALL",
|
|
33010
|
+
"control_name": "AI Pipeline Integrity"
|
|
33011
|
+
},
|
|
33012
|
+
{
|
|
33013
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
33014
|
+
"framework": "ALL",
|
|
33015
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
33016
|
+
},
|
|
33017
|
+
{
|
|
33018
|
+
"id": "CIS-Controls-v8-Control7",
|
|
33019
|
+
"framework": "CIS Controls v8",
|
|
33020
|
+
"control_name": "Continuous Vulnerability Management"
|
|
33021
|
+
},
|
|
33022
|
+
{
|
|
33023
|
+
"id": "CMMC-2.0-Level-2",
|
|
33024
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
33025
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
33026
|
+
},
|
|
33027
|
+
{
|
|
33028
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
33029
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
33030
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
33031
|
+
},
|
|
33032
|
+
{
|
|
33033
|
+
"id": "HIPAA-Security-Rule-164.312(a)(1)",
|
|
33034
|
+
"framework": "HIPAA Security Rule (45 CFR § 164.312)",
|
|
33035
|
+
"control_name": "Access control standard (technical safeguards)"
|
|
33036
|
+
},
|
|
33037
|
+
{
|
|
33038
|
+
"id": "IEC-62443-3-3",
|
|
33039
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
33040
|
+
"control_name": "System security requirements and security levels"
|
|
33041
|
+
},
|
|
33042
|
+
{
|
|
33043
|
+
"id": "ISO-27001-2022-A.8.16",
|
|
33044
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33045
|
+
"control_name": "Monitoring activities"
|
|
33046
|
+
},
|
|
33047
|
+
{
|
|
33048
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
33049
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33050
|
+
"control_name": "Secure coding"
|
|
33051
|
+
},
|
|
33052
|
+
{
|
|
33053
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
33054
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33055
|
+
"control_name": "Management of technical vulnerabilities"
|
|
33056
|
+
},
|
|
33057
|
+
{
|
|
33058
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
33059
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
33060
|
+
"control_name": "AI risk management process"
|
|
33061
|
+
},
|
|
33062
|
+
{
|
|
33063
|
+
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
33064
|
+
"framework": "ISO/IEC 42001:2023 (AI Management System)",
|
|
33065
|
+
"control_name": "AI risk assessment"
|
|
33066
|
+
},
|
|
33067
|
+
{
|
|
33068
|
+
"id": "NERC-CIP-007-6-R4",
|
|
33069
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
33070
|
+
"control_name": "Security event monitoring"
|
|
33071
|
+
},
|
|
33072
|
+
{
|
|
33073
|
+
"id": "NIS2-Art21-patch-management",
|
|
33074
|
+
"framework": "EU NIS2 Directive",
|
|
33075
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
33076
|
+
},
|
|
33077
|
+
{
|
|
33078
|
+
"id": "NIST-800-115",
|
|
33079
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
33080
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
33081
|
+
},
|
|
33082
|
+
{
|
|
33083
|
+
"id": "NIST-800-218-SSDF",
|
|
33084
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
33085
|
+
"control_name": "Secure Software Development Framework"
|
|
33086
|
+
},
|
|
33087
|
+
{
|
|
33088
|
+
"id": "NIST-800-53-AC-2",
|
|
33089
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33090
|
+
"control_name": "Account Management"
|
|
33091
|
+
},
|
|
33092
|
+
{
|
|
33093
|
+
"id": "NIST-800-53-SC-28",
|
|
33094
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33095
|
+
"control_name": "Protection of Information at Rest"
|
|
33096
|
+
},
|
|
33097
|
+
{
|
|
33098
|
+
"id": "NIST-800-53-SC-7",
|
|
33099
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33100
|
+
"control_name": "Boundary Protection"
|
|
33101
|
+
},
|
|
33102
|
+
{
|
|
33103
|
+
"id": "NIST-800-53-SC-8",
|
|
33104
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33105
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
33106
|
+
},
|
|
33107
|
+
{
|
|
33108
|
+
"id": "NIST-800-53-SI-2",
|
|
33109
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33110
|
+
"control_name": "Flaw Remediation"
|
|
33111
|
+
},
|
|
33112
|
+
{
|
|
33113
|
+
"id": "NIST-800-53-SI-3",
|
|
33114
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33115
|
+
"control_name": "Malicious Code Protection"
|
|
33116
|
+
},
|
|
33117
|
+
{
|
|
33118
|
+
"id": "NIST-800-82r3",
|
|
33119
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
33120
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
33121
|
+
},
|
|
33122
|
+
{
|
|
33123
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
33124
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
33125
|
+
"control_name": "Prompt Injection"
|
|
33126
|
+
},
|
|
33127
|
+
{
|
|
33128
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
33129
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
33130
|
+
"control_name": "Sensitive Information Disclosure"
|
|
33131
|
+
},
|
|
33132
|
+
{
|
|
33133
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
33134
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
33135
|
+
"control_name": "Web application penetration testing methodology"
|
|
33136
|
+
},
|
|
33137
|
+
{
|
|
33138
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
33139
|
+
"framework": "PCI DSS 4.0",
|
|
33140
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
33141
|
+
},
|
|
33142
|
+
{
|
|
33143
|
+
"id": "PTES-Pre-engagement",
|
|
33144
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
33145
|
+
"control_name": "Pre-engagement Interactions"
|
|
33146
|
+
},
|
|
33147
|
+
{
|
|
33148
|
+
"id": "SOC2-CC6-logical-access",
|
|
33149
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33150
|
+
"control_name": "Logical and Physical Access Controls"
|
|
33151
|
+
},
|
|
33152
|
+
{
|
|
33153
|
+
"id": "SOC2-CC7-anomaly-detection",
|
|
33154
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33155
|
+
"control_name": "System Operations — Threat and Vulnerability Management"
|
|
33156
|
+
},
|
|
33157
|
+
{
|
|
33158
|
+
"id": "SOC2-CC9-vendor-management",
|
|
33159
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33160
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
33161
|
+
}
|
|
33162
|
+
],
|
|
33163
|
+
"attack_refs": [
|
|
33164
|
+
"T0855",
|
|
33165
|
+
"T0883",
|
|
33166
|
+
"T1041",
|
|
33167
|
+
"T1059",
|
|
33168
|
+
"T1068",
|
|
33169
|
+
"T1071",
|
|
33170
|
+
"T1078",
|
|
33171
|
+
"T1102",
|
|
33172
|
+
"T1133",
|
|
33173
|
+
"T1190",
|
|
33174
|
+
"T1213",
|
|
33175
|
+
"T1530",
|
|
33176
|
+
"T1548.001",
|
|
33177
|
+
"T1566",
|
|
33178
|
+
"T1567",
|
|
33179
|
+
"T1568"
|
|
33180
|
+
],
|
|
33181
|
+
"rfc_refs": [
|
|
33182
|
+
"RFC-4301",
|
|
33183
|
+
"RFC-4303",
|
|
33184
|
+
"RFC-7296",
|
|
33185
|
+
"RFC-8446",
|
|
33186
|
+
"RFC-9000",
|
|
33187
|
+
"RFC-9114",
|
|
33188
|
+
"RFC-9180",
|
|
33189
|
+
"RFC-9421",
|
|
33190
|
+
"RFC-9458"
|
|
33191
|
+
]
|
|
33192
|
+
}
|
|
33193
|
+
},
|
|
33194
|
+
"CVE-2024-21513": {
|
|
33195
|
+
"name": "LangChain-Experimental VectorSQLDatabaseChain Code Execution",
|
|
33196
|
+
"rwep": 27,
|
|
33197
|
+
"cvss": 8.5,
|
|
33198
|
+
"cisa_kev": false,
|
|
33199
|
+
"epss_score": null,
|
|
33200
|
+
"referencing_skills": [
|
|
33201
|
+
"kernel-lpe-triage",
|
|
33202
|
+
"ai-attack-surface",
|
|
33203
|
+
"compliance-theater",
|
|
33204
|
+
"attack-surface-pentest",
|
|
33205
|
+
"ot-ics-security",
|
|
33206
|
+
"coordinated-vuln-disclosure",
|
|
33207
|
+
"sector-energy"
|
|
33208
|
+
],
|
|
33209
|
+
"chain": {
|
|
33210
|
+
"cwes": [
|
|
33211
|
+
{
|
|
33212
|
+
"id": "CWE-1037",
|
|
33213
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
33214
|
+
"category": "Hardware / Side Channel"
|
|
33215
|
+
},
|
|
33216
|
+
{
|
|
33217
|
+
"id": "CWE-1039",
|
|
33218
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
33219
|
+
"category": "AI/ML"
|
|
33220
|
+
},
|
|
33221
|
+
{
|
|
33222
|
+
"id": "CWE-125",
|
|
33223
|
+
"name": "Out-of-bounds Read",
|
|
33224
|
+
"category": "Memory Safety"
|
|
33225
|
+
},
|
|
33226
|
+
{
|
|
33227
|
+
"id": "CWE-1357",
|
|
33228
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
33229
|
+
"category": "Supply Chain"
|
|
33230
|
+
},
|
|
33231
|
+
{
|
|
33232
|
+
"id": "CWE-1395",
|
|
33233
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
33234
|
+
"category": "Supply Chain"
|
|
33235
|
+
},
|
|
33236
|
+
{
|
|
33237
|
+
"id": "CWE-1426",
|
|
33238
|
+
"name": "Improper Validation of Generative AI Output",
|
|
33239
|
+
"category": "AI/ML"
|
|
33240
|
+
},
|
|
33241
|
+
{
|
|
33242
|
+
"id": "CWE-22",
|
|
33243
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
33244
|
+
"category": "Path/Resource"
|
|
33245
|
+
},
|
|
33246
|
+
{
|
|
33247
|
+
"id": "CWE-269",
|
|
33248
|
+
"name": "Improper Privilege Management",
|
|
33249
|
+
"category": "Authorization"
|
|
33250
|
+
},
|
|
33251
|
+
{
|
|
33252
|
+
"id": "CWE-287",
|
|
33253
|
+
"name": "Improper Authentication",
|
|
33254
|
+
"category": "Authentication"
|
|
33255
|
+
},
|
|
33256
|
+
{
|
|
33257
|
+
"id": "CWE-306",
|
|
33258
|
+
"name": "Missing Authentication for Critical Function",
|
|
33259
|
+
"category": "Authentication"
|
|
33260
|
+
},
|
|
33261
|
+
{
|
|
33262
|
+
"id": "CWE-352",
|
|
33263
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
33264
|
+
"category": "Session"
|
|
33265
|
+
},
|
|
33266
|
+
{
|
|
33267
|
+
"id": "CWE-362",
|
|
33268
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
33269
|
+
"category": "Concurrency"
|
|
33270
|
+
},
|
|
33271
|
+
{
|
|
33272
|
+
"id": "CWE-416",
|
|
33273
|
+
"name": "Use After Free",
|
|
33274
|
+
"category": "Memory Safety"
|
|
33275
|
+
},
|
|
33276
|
+
{
|
|
33277
|
+
"id": "CWE-434",
|
|
33278
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
33279
|
+
"category": "File Handling"
|
|
33280
|
+
},
|
|
33281
|
+
{
|
|
33282
|
+
"id": "CWE-672",
|
|
33283
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
33284
|
+
"category": "Memory Safety"
|
|
33285
|
+
},
|
|
33286
|
+
{
|
|
33287
|
+
"id": "CWE-732",
|
|
33288
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
33289
|
+
"category": "Authorization"
|
|
33290
|
+
},
|
|
33291
|
+
{
|
|
33292
|
+
"id": "CWE-78",
|
|
33293
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
33294
|
+
"category": "Injection"
|
|
33295
|
+
},
|
|
33296
|
+
{
|
|
33297
|
+
"id": "CWE-787",
|
|
33298
|
+
"name": "Out-of-bounds Write",
|
|
33299
|
+
"category": "Memory Safety"
|
|
33300
|
+
},
|
|
33301
|
+
{
|
|
33302
|
+
"id": "CWE-79",
|
|
33303
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
33304
|
+
"category": "Injection"
|
|
33305
|
+
},
|
|
33306
|
+
{
|
|
33307
|
+
"id": "CWE-798",
|
|
33308
|
+
"name": "Use of Hard-coded Credentials",
|
|
33309
|
+
"category": "Credentials"
|
|
33310
|
+
},
|
|
33311
|
+
{
|
|
33312
|
+
"id": "CWE-89",
|
|
33313
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
33314
|
+
"category": "Injection"
|
|
33315
|
+
},
|
|
33316
|
+
{
|
|
33317
|
+
"id": "CWE-918",
|
|
33318
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
33319
|
+
"category": "Network"
|
|
33320
|
+
},
|
|
33321
|
+
{
|
|
33322
|
+
"id": "CWE-94",
|
|
33323
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
33324
|
+
"category": "Injection"
|
|
33325
|
+
}
|
|
33326
|
+
],
|
|
33327
|
+
"atlas": [
|
|
33328
|
+
{
|
|
33329
|
+
"id": "AML.T0010",
|
|
33330
|
+
"name": "ML Supply Chain Compromise",
|
|
33331
|
+
"tactic": "Initial Access"
|
|
33332
|
+
},
|
|
33333
|
+
{
|
|
33334
|
+
"id": "AML.T0016",
|
|
33335
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
33336
|
+
"tactic": "Resource Development"
|
|
33337
|
+
},
|
|
33338
|
+
{
|
|
33339
|
+
"id": "AML.T0017",
|
|
33340
|
+
"name": "Discover ML Model Ontology",
|
|
33341
|
+
"tactic": "Discovery"
|
|
33342
|
+
},
|
|
33343
|
+
{
|
|
33344
|
+
"id": "AML.T0018",
|
|
33345
|
+
"name": "Backdoor ML Model",
|
|
33346
|
+
"tactic": "Persistence"
|
|
33347
|
+
},
|
|
33348
|
+
{
|
|
33349
|
+
"id": "AML.T0020",
|
|
33350
|
+
"name": "Poison Training Data",
|
|
33351
|
+
"tactic": "ML Attack Staging"
|
|
33352
|
+
},
|
|
33353
|
+
{
|
|
33354
|
+
"id": "AML.T0043",
|
|
33355
|
+
"name": "Craft Adversarial Data",
|
|
33356
|
+
"tactic": "ML Attack Staging"
|
|
33357
|
+
},
|
|
33358
|
+
{
|
|
33359
|
+
"id": "AML.T0051",
|
|
33360
|
+
"name": "LLM Prompt Injection",
|
|
33361
|
+
"tactic": "Execution"
|
|
33362
|
+
},
|
|
33363
|
+
{
|
|
33364
|
+
"id": "AML.T0054",
|
|
33365
|
+
"name": "LLM Jailbreak",
|
|
33366
|
+
"tactic": "Defense Evasion"
|
|
33367
|
+
},
|
|
33368
|
+
{
|
|
33369
|
+
"id": "AML.T0096",
|
|
33370
|
+
"name": "AI API as Covert C2 Channel",
|
|
33371
|
+
"tactic": "Command and Control"
|
|
33372
|
+
}
|
|
33373
|
+
],
|
|
33374
|
+
"d3fend": [
|
|
33375
|
+
{
|
|
33376
|
+
"id": "D3-ASLR",
|
|
33377
|
+
"name": "Address Space Layout Randomization",
|
|
33378
|
+
"tactic": "Harden"
|
|
33379
|
+
},
|
|
33380
|
+
{
|
|
33381
|
+
"id": "D3-CSPP",
|
|
33382
|
+
"name": "Client-server Payload Profiling",
|
|
33383
|
+
"tactic": "Detect"
|
|
33384
|
+
},
|
|
33385
|
+
{
|
|
33386
|
+
"id": "D3-EAL",
|
|
33387
|
+
"name": "Executable Allowlisting",
|
|
33388
|
+
"tactic": "Harden"
|
|
33389
|
+
},
|
|
33390
|
+
{
|
|
33391
|
+
"id": "D3-IOPR",
|
|
33392
|
+
"name": "Input/Output Profiling Resource",
|
|
33393
|
+
"tactic": "Detect"
|
|
33394
|
+
},
|
|
33395
|
+
{
|
|
33396
|
+
"id": "D3-NTA",
|
|
33397
|
+
"name": "Network Traffic Analysis",
|
|
33398
|
+
"tactic": "Detect"
|
|
33399
|
+
},
|
|
33400
|
+
{
|
|
33401
|
+
"id": "D3-PHRA",
|
|
33402
|
+
"name": "Process Hardware Resource Access",
|
|
33403
|
+
"tactic": "Isolate"
|
|
33404
|
+
},
|
|
33405
|
+
{
|
|
33406
|
+
"id": "D3-PSEP",
|
|
33407
|
+
"name": "Process Segment Execution Prevention",
|
|
33408
|
+
"tactic": "Harden"
|
|
33409
|
+
}
|
|
33410
|
+
],
|
|
33411
|
+
"framework_gaps": [
|
|
33412
|
+
{
|
|
33413
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
33414
|
+
"framework": "ALL",
|
|
33415
|
+
"control_name": "AI Pipeline Integrity"
|
|
33416
|
+
},
|
|
33417
|
+
{
|
|
33418
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
33419
|
+
"framework": "ALL",
|
|
33420
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
33421
|
+
},
|
|
33422
|
+
{
|
|
33423
|
+
"id": "CIS-Controls-v8-Control7",
|
|
33424
|
+
"framework": "CIS Controls v8",
|
|
33425
|
+
"control_name": "Continuous Vulnerability Management"
|
|
33426
|
+
},
|
|
33427
|
+
{
|
|
33428
|
+
"id": "CMMC-2.0-Level-2",
|
|
33429
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
33430
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
33431
|
+
},
|
|
33432
|
+
{
|
|
33433
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
33434
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
33435
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
33436
|
+
},
|
|
33437
|
+
{
|
|
33438
|
+
"id": "IEC-62443-3-3",
|
|
33439
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
33440
|
+
"control_name": "System security requirements and security levels"
|
|
33441
|
+
},
|
|
33442
|
+
{
|
|
33443
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
33444
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33445
|
+
"control_name": "Secure coding"
|
|
33446
|
+
},
|
|
33447
|
+
{
|
|
33448
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
33449
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33450
|
+
"control_name": "Management of technical vulnerabilities"
|
|
33451
|
+
},
|
|
33452
|
+
{
|
|
33453
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
33454
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
33455
|
+
"control_name": "AI risk management process"
|
|
33456
|
+
},
|
|
33457
|
+
{
|
|
33458
|
+
"id": "NERC-CIP-007-6-R4",
|
|
33459
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
33460
|
+
"control_name": "Security event monitoring"
|
|
33461
|
+
},
|
|
33462
|
+
{
|
|
33463
|
+
"id": "NIS2-Art21-patch-management",
|
|
33464
|
+
"framework": "EU NIS2 Directive",
|
|
33465
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
33466
|
+
},
|
|
33467
|
+
{
|
|
33468
|
+
"id": "NIST-800-115",
|
|
33469
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
33470
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
33471
|
+
},
|
|
33472
|
+
{
|
|
33473
|
+
"id": "NIST-800-218-SSDF",
|
|
33474
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
33475
|
+
"control_name": "Secure Software Development Framework"
|
|
33476
|
+
},
|
|
33477
|
+
{
|
|
33478
|
+
"id": "NIST-800-53-AC-2",
|
|
33479
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33480
|
+
"control_name": "Account Management"
|
|
33481
|
+
},
|
|
33482
|
+
{
|
|
33483
|
+
"id": "NIST-800-53-SC-8",
|
|
33484
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33485
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
33486
|
+
},
|
|
33487
|
+
{
|
|
33488
|
+
"id": "NIST-800-53-SI-2",
|
|
33489
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33490
|
+
"control_name": "Flaw Remediation"
|
|
33491
|
+
},
|
|
33492
|
+
{
|
|
33493
|
+
"id": "NIST-800-53-SI-3",
|
|
33494
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33495
|
+
"control_name": "Malicious Code Protection"
|
|
33496
|
+
},
|
|
33497
|
+
{
|
|
33498
|
+
"id": "NIST-800-82r3",
|
|
33499
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
33500
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
33501
|
+
},
|
|
33502
|
+
{
|
|
33503
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
33504
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
33505
|
+
"control_name": "Prompt Injection"
|
|
33506
|
+
},
|
|
33507
|
+
{
|
|
33508
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
33509
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
33510
|
+
"control_name": "Sensitive Information Disclosure"
|
|
33511
|
+
},
|
|
33512
|
+
{
|
|
33513
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
33514
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
33515
|
+
"control_name": "Web application penetration testing methodology"
|
|
33516
|
+
},
|
|
33517
|
+
{
|
|
33518
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
33519
|
+
"framework": "PCI DSS 4.0",
|
|
33520
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
33521
|
+
},
|
|
33522
|
+
{
|
|
33523
|
+
"id": "PTES-Pre-engagement",
|
|
33524
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
33525
|
+
"control_name": "Pre-engagement Interactions"
|
|
33526
|
+
},
|
|
33527
|
+
{
|
|
33528
|
+
"id": "SOC2-CC6-logical-access",
|
|
33529
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33530
|
+
"control_name": "Logical and Physical Access Controls"
|
|
33531
|
+
},
|
|
33532
|
+
{
|
|
33533
|
+
"id": "SOC2-CC9-vendor-management",
|
|
33534
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33535
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
33536
|
+
}
|
|
33537
|
+
],
|
|
33538
|
+
"attack_refs": [
|
|
33539
|
+
"T0855",
|
|
33540
|
+
"T0883",
|
|
33541
|
+
"T1059",
|
|
33542
|
+
"T1068",
|
|
33543
|
+
"T1078",
|
|
33544
|
+
"T1133",
|
|
33545
|
+
"T1190",
|
|
33546
|
+
"T1548.001",
|
|
33547
|
+
"T1566"
|
|
33548
|
+
],
|
|
33549
|
+
"rfc_refs": [
|
|
33550
|
+
"RFC-4301",
|
|
33551
|
+
"RFC-4303",
|
|
33552
|
+
"RFC-7296"
|
|
33553
|
+
]
|
|
33554
|
+
}
|
|
33555
|
+
},
|
|
33556
|
+
"CVE-2023-44467": {
|
|
33557
|
+
"name": "LangChain-Experimental PALChain dunder-import Code Execution (CVE-2023-36258 bypass)",
|
|
33558
|
+
"rwep": 27,
|
|
33559
|
+
"cvss": 9.8,
|
|
33560
|
+
"cisa_kev": false,
|
|
33561
|
+
"epss_score": null,
|
|
33562
|
+
"referencing_skills": [
|
|
33563
|
+
"kernel-lpe-triage",
|
|
33564
|
+
"ai-attack-surface",
|
|
33565
|
+
"compliance-theater",
|
|
33566
|
+
"attack-surface-pentest",
|
|
33567
|
+
"ot-ics-security",
|
|
33568
|
+
"coordinated-vuln-disclosure",
|
|
33569
|
+
"sector-energy"
|
|
33570
|
+
],
|
|
33571
|
+
"chain": {
|
|
33572
|
+
"cwes": [
|
|
33573
|
+
{
|
|
33574
|
+
"id": "CWE-1037",
|
|
33575
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
33576
|
+
"category": "Hardware / Side Channel"
|
|
33577
|
+
},
|
|
33578
|
+
{
|
|
33579
|
+
"id": "CWE-1039",
|
|
33580
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
33581
|
+
"category": "AI/ML"
|
|
33582
|
+
},
|
|
33583
|
+
{
|
|
33584
|
+
"id": "CWE-125",
|
|
33585
|
+
"name": "Out-of-bounds Read",
|
|
33586
|
+
"category": "Memory Safety"
|
|
33587
|
+
},
|
|
33588
|
+
{
|
|
33589
|
+
"id": "CWE-1357",
|
|
33590
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
33591
|
+
"category": "Supply Chain"
|
|
33592
|
+
},
|
|
33593
|
+
{
|
|
33594
|
+
"id": "CWE-1395",
|
|
33595
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
33596
|
+
"category": "Supply Chain"
|
|
33597
|
+
},
|
|
33598
|
+
{
|
|
33599
|
+
"id": "CWE-1426",
|
|
33600
|
+
"name": "Improper Validation of Generative AI Output",
|
|
33601
|
+
"category": "AI/ML"
|
|
33602
|
+
},
|
|
33603
|
+
{
|
|
33604
|
+
"id": "CWE-22",
|
|
33605
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
33606
|
+
"category": "Path/Resource"
|
|
33607
|
+
},
|
|
33608
|
+
{
|
|
33609
|
+
"id": "CWE-269",
|
|
33610
|
+
"name": "Improper Privilege Management",
|
|
33611
|
+
"category": "Authorization"
|
|
33612
|
+
},
|
|
33613
|
+
{
|
|
33614
|
+
"id": "CWE-287",
|
|
33615
|
+
"name": "Improper Authentication",
|
|
33616
|
+
"category": "Authentication"
|
|
33617
|
+
},
|
|
33618
|
+
{
|
|
33619
|
+
"id": "CWE-306",
|
|
33620
|
+
"name": "Missing Authentication for Critical Function",
|
|
33621
|
+
"category": "Authentication"
|
|
33622
|
+
},
|
|
33623
|
+
{
|
|
33624
|
+
"id": "CWE-352",
|
|
33625
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
33626
|
+
"category": "Session"
|
|
33627
|
+
},
|
|
33628
|
+
{
|
|
33629
|
+
"id": "CWE-362",
|
|
33630
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
33631
|
+
"category": "Concurrency"
|
|
33632
|
+
},
|
|
33633
|
+
{
|
|
33634
|
+
"id": "CWE-416",
|
|
33635
|
+
"name": "Use After Free",
|
|
33636
|
+
"category": "Memory Safety"
|
|
33637
|
+
},
|
|
33638
|
+
{
|
|
33639
|
+
"id": "CWE-434",
|
|
33640
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
33641
|
+
"category": "File Handling"
|
|
33642
|
+
},
|
|
33643
|
+
{
|
|
33644
|
+
"id": "CWE-672",
|
|
33645
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
33646
|
+
"category": "Memory Safety"
|
|
33647
|
+
},
|
|
33648
|
+
{
|
|
33649
|
+
"id": "CWE-732",
|
|
33650
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
33651
|
+
"category": "Authorization"
|
|
33652
|
+
},
|
|
33653
|
+
{
|
|
33654
|
+
"id": "CWE-78",
|
|
33655
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
33656
|
+
"category": "Injection"
|
|
33657
|
+
},
|
|
33658
|
+
{
|
|
33659
|
+
"id": "CWE-787",
|
|
33660
|
+
"name": "Out-of-bounds Write",
|
|
33661
|
+
"category": "Memory Safety"
|
|
33662
|
+
},
|
|
33663
|
+
{
|
|
33664
|
+
"id": "CWE-79",
|
|
33665
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
33666
|
+
"category": "Injection"
|
|
33667
|
+
},
|
|
33668
|
+
{
|
|
33669
|
+
"id": "CWE-798",
|
|
33670
|
+
"name": "Use of Hard-coded Credentials",
|
|
33671
|
+
"category": "Credentials"
|
|
33672
|
+
},
|
|
33673
|
+
{
|
|
33674
|
+
"id": "CWE-89",
|
|
33675
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
33676
|
+
"category": "Injection"
|
|
33677
|
+
},
|
|
33678
|
+
{
|
|
33679
|
+
"id": "CWE-918",
|
|
33680
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
33681
|
+
"category": "Network"
|
|
33682
|
+
},
|
|
33683
|
+
{
|
|
33684
|
+
"id": "CWE-94",
|
|
33685
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
33686
|
+
"category": "Injection"
|
|
33687
|
+
}
|
|
33688
|
+
],
|
|
33689
|
+
"atlas": [
|
|
33690
|
+
{
|
|
33691
|
+
"id": "AML.T0010",
|
|
33692
|
+
"name": "ML Supply Chain Compromise",
|
|
33693
|
+
"tactic": "Initial Access"
|
|
33694
|
+
},
|
|
33695
|
+
{
|
|
33696
|
+
"id": "AML.T0016",
|
|
33697
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
33698
|
+
"tactic": "Resource Development"
|
|
33699
|
+
},
|
|
33700
|
+
{
|
|
33701
|
+
"id": "AML.T0017",
|
|
33702
|
+
"name": "Discover ML Model Ontology",
|
|
33703
|
+
"tactic": "Discovery"
|
|
33704
|
+
},
|
|
33705
|
+
{
|
|
33706
|
+
"id": "AML.T0018",
|
|
33707
|
+
"name": "Backdoor ML Model",
|
|
33708
|
+
"tactic": "Persistence"
|
|
33709
|
+
},
|
|
33710
|
+
{
|
|
33711
|
+
"id": "AML.T0020",
|
|
33712
|
+
"name": "Poison Training Data",
|
|
33713
|
+
"tactic": "ML Attack Staging"
|
|
33714
|
+
},
|
|
33715
|
+
{
|
|
33716
|
+
"id": "AML.T0043",
|
|
33717
|
+
"name": "Craft Adversarial Data",
|
|
33718
|
+
"tactic": "ML Attack Staging"
|
|
33719
|
+
},
|
|
33720
|
+
{
|
|
33721
|
+
"id": "AML.T0051",
|
|
33722
|
+
"name": "LLM Prompt Injection",
|
|
33723
|
+
"tactic": "Execution"
|
|
33724
|
+
},
|
|
33725
|
+
{
|
|
33726
|
+
"id": "AML.T0054",
|
|
33727
|
+
"name": "LLM Jailbreak",
|
|
33728
|
+
"tactic": "Defense Evasion"
|
|
33729
|
+
},
|
|
33730
|
+
{
|
|
33731
|
+
"id": "AML.T0096",
|
|
33732
|
+
"name": "AI API as Covert C2 Channel",
|
|
33733
|
+
"tactic": "Command and Control"
|
|
33734
|
+
}
|
|
33735
|
+
],
|
|
33736
|
+
"d3fend": [
|
|
33737
|
+
{
|
|
33738
|
+
"id": "D3-ASLR",
|
|
33739
|
+
"name": "Address Space Layout Randomization",
|
|
33740
|
+
"tactic": "Harden"
|
|
33741
|
+
},
|
|
33742
|
+
{
|
|
33743
|
+
"id": "D3-CSPP",
|
|
33744
|
+
"name": "Client-server Payload Profiling",
|
|
33745
|
+
"tactic": "Detect"
|
|
33746
|
+
},
|
|
33747
|
+
{
|
|
33748
|
+
"id": "D3-EAL",
|
|
33749
|
+
"name": "Executable Allowlisting",
|
|
33750
|
+
"tactic": "Harden"
|
|
33751
|
+
},
|
|
33752
|
+
{
|
|
33753
|
+
"id": "D3-IOPR",
|
|
33754
|
+
"name": "Input/Output Profiling Resource",
|
|
33755
|
+
"tactic": "Detect"
|
|
33756
|
+
},
|
|
33757
|
+
{
|
|
33758
|
+
"id": "D3-NTA",
|
|
33759
|
+
"name": "Network Traffic Analysis",
|
|
33760
|
+
"tactic": "Detect"
|
|
33761
|
+
},
|
|
33762
|
+
{
|
|
33763
|
+
"id": "D3-PHRA",
|
|
33764
|
+
"name": "Process Hardware Resource Access",
|
|
33765
|
+
"tactic": "Isolate"
|
|
33766
|
+
},
|
|
33767
|
+
{
|
|
33768
|
+
"id": "D3-PSEP",
|
|
33769
|
+
"name": "Process Segment Execution Prevention",
|
|
33770
|
+
"tactic": "Harden"
|
|
33771
|
+
}
|
|
33772
|
+
],
|
|
33773
|
+
"framework_gaps": [
|
|
33774
|
+
{
|
|
33775
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
33776
|
+
"framework": "ALL",
|
|
33777
|
+
"control_name": "AI Pipeline Integrity"
|
|
33778
|
+
},
|
|
33779
|
+
{
|
|
33780
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
33781
|
+
"framework": "ALL",
|
|
33782
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
33783
|
+
},
|
|
33784
|
+
{
|
|
33785
|
+
"id": "CIS-Controls-v8-Control7",
|
|
33786
|
+
"framework": "CIS Controls v8",
|
|
33787
|
+
"control_name": "Continuous Vulnerability Management"
|
|
33788
|
+
},
|
|
33789
|
+
{
|
|
33790
|
+
"id": "CMMC-2.0-Level-2",
|
|
33791
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
33792
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
33793
|
+
},
|
|
33794
|
+
{
|
|
33795
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
33796
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
33797
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
33798
|
+
},
|
|
33799
|
+
{
|
|
33800
|
+
"id": "IEC-62443-3-3",
|
|
33801
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
33802
|
+
"control_name": "System security requirements and security levels"
|
|
33803
|
+
},
|
|
33804
|
+
{
|
|
33805
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
33806
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33807
|
+
"control_name": "Secure coding"
|
|
33808
|
+
},
|
|
33809
|
+
{
|
|
33810
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
33811
|
+
"framework": "ISO/IEC 27001:2022",
|
|
33812
|
+
"control_name": "Management of technical vulnerabilities"
|
|
33813
|
+
},
|
|
33814
|
+
{
|
|
33815
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
33816
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
33817
|
+
"control_name": "AI risk management process"
|
|
33818
|
+
},
|
|
33819
|
+
{
|
|
33820
|
+
"id": "NERC-CIP-007-6-R4",
|
|
33821
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
33822
|
+
"control_name": "Security event monitoring"
|
|
33823
|
+
},
|
|
33824
|
+
{
|
|
33825
|
+
"id": "NIS2-Art21-patch-management",
|
|
33826
|
+
"framework": "EU NIS2 Directive",
|
|
33827
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
33828
|
+
},
|
|
33829
|
+
{
|
|
33830
|
+
"id": "NIST-800-115",
|
|
33831
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
33832
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
33833
|
+
},
|
|
33834
|
+
{
|
|
33835
|
+
"id": "NIST-800-218-SSDF",
|
|
33836
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
33837
|
+
"control_name": "Secure Software Development Framework"
|
|
33838
|
+
},
|
|
33839
|
+
{
|
|
33840
|
+
"id": "NIST-800-53-AC-2",
|
|
33841
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33842
|
+
"control_name": "Account Management"
|
|
33843
|
+
},
|
|
33844
|
+
{
|
|
33845
|
+
"id": "NIST-800-53-SC-8",
|
|
33846
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33847
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
33848
|
+
},
|
|
33849
|
+
{
|
|
33850
|
+
"id": "NIST-800-53-SI-2",
|
|
33851
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33852
|
+
"control_name": "Flaw Remediation"
|
|
33853
|
+
},
|
|
33854
|
+
{
|
|
33855
|
+
"id": "NIST-800-53-SI-3",
|
|
33856
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
33857
|
+
"control_name": "Malicious Code Protection"
|
|
33858
|
+
},
|
|
33859
|
+
{
|
|
33860
|
+
"id": "NIST-800-82r3",
|
|
33861
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
33862
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
33863
|
+
},
|
|
33864
|
+
{
|
|
33865
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
33866
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
33867
|
+
"control_name": "Prompt Injection"
|
|
33868
|
+
},
|
|
33869
|
+
{
|
|
33870
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
33871
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
33872
|
+
"control_name": "Sensitive Information Disclosure"
|
|
33873
|
+
},
|
|
33874
|
+
{
|
|
33875
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
33876
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
33877
|
+
"control_name": "Web application penetration testing methodology"
|
|
33878
|
+
},
|
|
33879
|
+
{
|
|
33880
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
33881
|
+
"framework": "PCI DSS 4.0",
|
|
33882
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
33883
|
+
},
|
|
33884
|
+
{
|
|
33885
|
+
"id": "PTES-Pre-engagement",
|
|
33886
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
33887
|
+
"control_name": "Pre-engagement Interactions"
|
|
33888
|
+
},
|
|
33889
|
+
{
|
|
33890
|
+
"id": "SOC2-CC6-logical-access",
|
|
33891
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33892
|
+
"control_name": "Logical and Physical Access Controls"
|
|
33893
|
+
},
|
|
33894
|
+
{
|
|
33895
|
+
"id": "SOC2-CC9-vendor-management",
|
|
33896
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
33897
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
33898
|
+
}
|
|
33899
|
+
],
|
|
33900
|
+
"attack_refs": [
|
|
33901
|
+
"T0855",
|
|
33902
|
+
"T0883",
|
|
33903
|
+
"T1059",
|
|
33904
|
+
"T1068",
|
|
33905
|
+
"T1078",
|
|
33906
|
+
"T1133",
|
|
33907
|
+
"T1190",
|
|
33908
|
+
"T1548.001",
|
|
33909
|
+
"T1566"
|
|
33910
|
+
],
|
|
33911
|
+
"rfc_refs": [
|
|
33912
|
+
"RFC-4301",
|
|
33913
|
+
"RFC-4303",
|
|
33914
|
+
"RFC-7296"
|
|
33915
|
+
]
|
|
33916
|
+
}
|
|
33917
|
+
},
|
|
32330
33918
|
"CVE-2026-41091": {
|
|
32331
33919
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
32332
33920
|
"rwep": 45,
|
|
@@ -58705,6 +60293,7 @@
|
|
|
58705
60293
|
"CVE-2022-1471",
|
|
58706
60294
|
"CVE-2023-43472",
|
|
58707
60295
|
"CVE-2023-43654",
|
|
60296
|
+
"CVE-2023-44467",
|
|
58708
60297
|
"CVE-2023-48022",
|
|
58709
60298
|
"CVE-2023-51449",
|
|
58710
60299
|
"CVE-2024-0132",
|
|
@@ -58712,6 +60301,9 @@
|
|
|
58712
60301
|
"CVE-2024-11393",
|
|
58713
60302
|
"CVE-2024-11394",
|
|
58714
60303
|
"CVE-2024-1561",
|
|
60304
|
+
"CVE-2024-21513",
|
|
60305
|
+
"CVE-2024-21575",
|
|
60306
|
+
"CVE-2024-21576",
|
|
58715
60307
|
"CVE-2024-27132",
|
|
58716
60308
|
"CVE-2024-3094",
|
|
58717
60309
|
"CVE-2024-3154",
|
|
@@ -59096,6 +60688,7 @@
|
|
|
59096
60688
|
"CVE-2022-1471",
|
|
59097
60689
|
"CVE-2023-43472",
|
|
59098
60690
|
"CVE-2023-43654",
|
|
60691
|
+
"CVE-2023-44467",
|
|
59099
60692
|
"CVE-2023-48022",
|
|
59100
60693
|
"CVE-2023-51449",
|
|
59101
60694
|
"CVE-2024-0132",
|
|
@@ -59103,6 +60696,9 @@
|
|
|
59103
60696
|
"CVE-2024-11393",
|
|
59104
60697
|
"CVE-2024-11394",
|
|
59105
60698
|
"CVE-2024-1561",
|
|
60699
|
+
"CVE-2024-21513",
|
|
60700
|
+
"CVE-2024-21575",
|
|
60701
|
+
"CVE-2024-21576",
|
|
59106
60702
|
"CVE-2024-27132",
|
|
59107
60703
|
"CVE-2024-37032",
|
|
59108
60704
|
"CVE-2024-39722",
|
|
@@ -59278,6 +60874,7 @@
|
|
|
59278
60874
|
"CVE-2022-1471",
|
|
59279
60875
|
"CVE-2023-43472",
|
|
59280
60876
|
"CVE-2023-43654",
|
|
60877
|
+
"CVE-2023-44467",
|
|
59281
60878
|
"CVE-2023-48022",
|
|
59282
60879
|
"CVE-2023-51449",
|
|
59283
60880
|
"CVE-2024-0132",
|
|
@@ -59285,6 +60882,9 @@
|
|
|
59285
60882
|
"CVE-2024-11393",
|
|
59286
60883
|
"CVE-2024-11394",
|
|
59287
60884
|
"CVE-2024-1561",
|
|
60885
|
+
"CVE-2024-21513",
|
|
60886
|
+
"CVE-2024-21575",
|
|
60887
|
+
"CVE-2024-21576",
|
|
59288
60888
|
"CVE-2024-27132",
|
|
59289
60889
|
"CVE-2024-37032",
|
|
59290
60890
|
"CVE-2024-39722",
|
|
@@ -59474,6 +61074,7 @@
|
|
|
59474
61074
|
"CVE-2022-1471",
|
|
59475
61075
|
"CVE-2023-43472",
|
|
59476
61076
|
"CVE-2023-43654",
|
|
61077
|
+
"CVE-2023-44467",
|
|
59477
61078
|
"CVE-2023-48022",
|
|
59478
61079
|
"CVE-2023-51449",
|
|
59479
61080
|
"CVE-2024-0132",
|
|
@@ -59481,6 +61082,9 @@
|
|
|
59481
61082
|
"CVE-2024-11393",
|
|
59482
61083
|
"CVE-2024-11394",
|
|
59483
61084
|
"CVE-2024-1561",
|
|
61085
|
+
"CVE-2024-21513",
|
|
61086
|
+
"CVE-2024-21575",
|
|
61087
|
+
"CVE-2024-21576",
|
|
59484
61088
|
"CVE-2024-27132",
|
|
59485
61089
|
"CVE-2024-37032",
|
|
59486
61090
|
"CVE-2024-39722",
|
|
@@ -59774,6 +61378,7 @@
|
|
|
59774
61378
|
"CVE-2022-1471",
|
|
59775
61379
|
"CVE-2023-43472",
|
|
59776
61380
|
"CVE-2023-43654",
|
|
61381
|
+
"CVE-2023-44467",
|
|
59777
61382
|
"CVE-2023-48022",
|
|
59778
61383
|
"CVE-2023-51449",
|
|
59779
61384
|
"CVE-2024-0132",
|
|
@@ -59781,6 +61386,9 @@
|
|
|
59781
61386
|
"CVE-2024-11393",
|
|
59782
61387
|
"CVE-2024-11394",
|
|
59783
61388
|
"CVE-2024-1561",
|
|
61389
|
+
"CVE-2024-21513",
|
|
61390
|
+
"CVE-2024-21575",
|
|
61391
|
+
"CVE-2024-21576",
|
|
59784
61392
|
"CVE-2024-27132",
|
|
59785
61393
|
"CVE-2024-3094",
|
|
59786
61394
|
"CVE-2024-3154",
|
|
@@ -60028,6 +61636,7 @@
|
|
|
60028
61636
|
"CVE-2023-41974",
|
|
60029
61637
|
"CVE-2023-43000",
|
|
60030
61638
|
"CVE-2023-43654",
|
|
61639
|
+
"CVE-2023-44467",
|
|
60031
61640
|
"CVE-2023-48022",
|
|
60032
61641
|
"CVE-2023-50224",
|
|
60033
61642
|
"CVE-2023-51449",
|
|
@@ -60041,6 +61650,9 @@
|
|
|
60041
61650
|
"CVE-2024-12987",
|
|
60042
61651
|
"CVE-2024-1561",
|
|
60043
61652
|
"CVE-2024-1708",
|
|
61653
|
+
"CVE-2024-21513",
|
|
61654
|
+
"CVE-2024-21575",
|
|
61655
|
+
"CVE-2024-21576",
|
|
60044
61656
|
"CVE-2024-21762",
|
|
60045
61657
|
"CVE-2024-27132",
|
|
60046
61658
|
"CVE-2024-27199",
|
|
@@ -60508,6 +62120,8 @@
|
|
|
60508
62120
|
"CVE-2023-51449",
|
|
60509
62121
|
"CVE-2024-0132",
|
|
60510
62122
|
"CVE-2024-1561",
|
|
62123
|
+
"CVE-2024-21575",
|
|
62124
|
+
"CVE-2024-21576",
|
|
60511
62125
|
"CVE-2024-3094",
|
|
60512
62126
|
"CVE-2024-3154",
|
|
60513
62127
|
"CVE-2024-40635",
|
|
@@ -60872,6 +62486,7 @@
|
|
|
60872
62486
|
"CVE-2022-1471",
|
|
60873
62487
|
"CVE-2023-43472",
|
|
60874
62488
|
"CVE-2023-43654",
|
|
62489
|
+
"CVE-2023-44467",
|
|
60875
62490
|
"CVE-2023-48022",
|
|
60876
62491
|
"CVE-2023-51449",
|
|
60877
62492
|
"CVE-2024-0132",
|
|
@@ -60879,6 +62494,9 @@
|
|
|
60879
62494
|
"CVE-2024-11393",
|
|
60880
62495
|
"CVE-2024-11394",
|
|
60881
62496
|
"CVE-2024-1561",
|
|
62497
|
+
"CVE-2024-21513",
|
|
62498
|
+
"CVE-2024-21575",
|
|
62499
|
+
"CVE-2024-21576",
|
|
60882
62500
|
"CVE-2024-27132",
|
|
60883
62501
|
"CVE-2024-3094",
|
|
60884
62502
|
"CVE-2024-3154",
|
|
@@ -61493,6 +63111,7 @@
|
|
|
61493
63111
|
"CVE-2022-1471",
|
|
61494
63112
|
"CVE-2023-43472",
|
|
61495
63113
|
"CVE-2023-43654",
|
|
63114
|
+
"CVE-2023-44467",
|
|
61496
63115
|
"CVE-2023-48022",
|
|
61497
63116
|
"CVE-2023-51449",
|
|
61498
63117
|
"CVE-2024-0132",
|
|
@@ -61500,6 +63119,9 @@
|
|
|
61500
63119
|
"CVE-2024-11393",
|
|
61501
63120
|
"CVE-2024-11394",
|
|
61502
63121
|
"CVE-2024-1561",
|
|
63122
|
+
"CVE-2024-21513",
|
|
63123
|
+
"CVE-2024-21575",
|
|
63124
|
+
"CVE-2024-21576",
|
|
61503
63125
|
"CVE-2024-27132",
|
|
61504
63126
|
"CVE-2024-3094",
|
|
61505
63127
|
"CVE-2024-3154",
|
|
@@ -61752,6 +63374,7 @@
|
|
|
61752
63374
|
"related_cves": [
|
|
61753
63375
|
"CVE-2022-1471",
|
|
61754
63376
|
"CVE-2023-43654",
|
|
63377
|
+
"CVE-2023-44467",
|
|
61755
63378
|
"CVE-2023-48022",
|
|
61756
63379
|
"CVE-2023-51449",
|
|
61757
63380
|
"CVE-2024-0132",
|
|
@@ -61759,6 +63382,9 @@
|
|
|
61759
63382
|
"CVE-2024-11393",
|
|
61760
63383
|
"CVE-2024-11394",
|
|
61761
63384
|
"CVE-2024-1561",
|
|
63385
|
+
"CVE-2024-21513",
|
|
63386
|
+
"CVE-2024-21575",
|
|
63387
|
+
"CVE-2024-21576",
|
|
61762
63388
|
"CVE-2024-27132",
|
|
61763
63389
|
"CVE-2024-3094",
|
|
61764
63390
|
"CVE-2024-37032",
|
|
@@ -62437,6 +64063,7 @@
|
|
|
62437
64063
|
"CVE-2022-1471",
|
|
62438
64064
|
"CVE-2023-43472",
|
|
62439
64065
|
"CVE-2023-43654",
|
|
64066
|
+
"CVE-2023-44467",
|
|
62440
64067
|
"CVE-2023-48022",
|
|
62441
64068
|
"CVE-2023-51449",
|
|
62442
64069
|
"CVE-2024-0132",
|
|
@@ -62444,6 +64071,9 @@
|
|
|
62444
64071
|
"CVE-2024-11393",
|
|
62445
64072
|
"CVE-2024-11394",
|
|
62446
64073
|
"CVE-2024-1561",
|
|
64074
|
+
"CVE-2024-21513",
|
|
64075
|
+
"CVE-2024-21575",
|
|
64076
|
+
"CVE-2024-21576",
|
|
62447
64077
|
"CVE-2024-27132",
|
|
62448
64078
|
"CVE-2024-3094",
|
|
62449
64079
|
"CVE-2024-3154",
|
|
@@ -62698,6 +64328,7 @@
|
|
|
62698
64328
|
"CVE-2023-41974",
|
|
62699
64329
|
"CVE-2023-43000",
|
|
62700
64330
|
"CVE-2023-43654",
|
|
64331
|
+
"CVE-2023-44467",
|
|
62701
64332
|
"CVE-2023-48022",
|
|
62702
64333
|
"CVE-2023-50224",
|
|
62703
64334
|
"CVE-2023-51449",
|
|
@@ -62711,6 +64342,9 @@
|
|
|
62711
64342
|
"CVE-2024-12987",
|
|
62712
64343
|
"CVE-2024-1561",
|
|
62713
64344
|
"CVE-2024-1708",
|
|
64345
|
+
"CVE-2024-21513",
|
|
64346
|
+
"CVE-2024-21575",
|
|
64347
|
+
"CVE-2024-21576",
|
|
62714
64348
|
"CVE-2024-21762",
|
|
62715
64349
|
"CVE-2024-27132",
|
|
62716
64350
|
"CVE-2024-27199",
|
|
@@ -63140,6 +64774,7 @@
|
|
|
63140
64774
|
"CVE-2023-41974",
|
|
63141
64775
|
"CVE-2023-43000",
|
|
63142
64776
|
"CVE-2023-43654",
|
|
64777
|
+
"CVE-2023-44467",
|
|
63143
64778
|
"CVE-2023-48022",
|
|
63144
64779
|
"CVE-2023-50224",
|
|
63145
64780
|
"CVE-2023-51449",
|
|
@@ -63153,6 +64788,9 @@
|
|
|
63153
64788
|
"CVE-2024-12987",
|
|
63154
64789
|
"CVE-2024-1561",
|
|
63155
64790
|
"CVE-2024-1708",
|
|
64791
|
+
"CVE-2024-21513",
|
|
64792
|
+
"CVE-2024-21575",
|
|
64793
|
+
"CVE-2024-21576",
|
|
63156
64794
|
"CVE-2024-21762",
|
|
63157
64795
|
"CVE-2024-27132",
|
|
63158
64796
|
"CVE-2024-27199",
|
|
@@ -63615,6 +65253,7 @@
|
|
|
63615
65253
|
"CVE-2022-1471",
|
|
63616
65254
|
"CVE-2023-43472",
|
|
63617
65255
|
"CVE-2023-43654",
|
|
65256
|
+
"CVE-2023-44467",
|
|
63618
65257
|
"CVE-2023-48022",
|
|
63619
65258
|
"CVE-2023-51449",
|
|
63620
65259
|
"CVE-2024-0132",
|
|
@@ -63622,6 +65261,9 @@
|
|
|
63622
65261
|
"CVE-2024-11393",
|
|
63623
65262
|
"CVE-2024-11394",
|
|
63624
65263
|
"CVE-2024-1561",
|
|
65264
|
+
"CVE-2024-21513",
|
|
65265
|
+
"CVE-2024-21575",
|
|
65266
|
+
"CVE-2024-21576",
|
|
63625
65267
|
"CVE-2024-27132",
|
|
63626
65268
|
"CVE-2024-3094",
|
|
63627
65269
|
"CVE-2024-3154",
|
|
@@ -64428,6 +66070,7 @@
|
|
|
64428
66070
|
"CVE-2023-41974",
|
|
64429
66071
|
"CVE-2023-43000",
|
|
64430
66072
|
"CVE-2023-43654",
|
|
66073
|
+
"CVE-2023-44467",
|
|
64431
66074
|
"CVE-2023-48022",
|
|
64432
66075
|
"CVE-2023-50224",
|
|
64433
66076
|
"CVE-2023-51449",
|
|
@@ -64441,6 +66084,9 @@
|
|
|
64441
66084
|
"CVE-2024-12987",
|
|
64442
66085
|
"CVE-2024-1561",
|
|
64443
66086
|
"CVE-2024-1708",
|
|
66087
|
+
"CVE-2024-21513",
|
|
66088
|
+
"CVE-2024-21575",
|
|
66089
|
+
"CVE-2024-21576",
|
|
64444
66090
|
"CVE-2024-21762",
|
|
64445
66091
|
"CVE-2024-27132",
|
|
64446
66092
|
"CVE-2024-27199",
|
|
@@ -64967,6 +66613,7 @@
|
|
|
64967
66613
|
"CVE-2022-1471",
|
|
64968
66614
|
"CVE-2023-43472",
|
|
64969
66615
|
"CVE-2023-43654",
|
|
66616
|
+
"CVE-2023-44467",
|
|
64970
66617
|
"CVE-2023-48022",
|
|
64971
66618
|
"CVE-2023-51449",
|
|
64972
66619
|
"CVE-2024-0132",
|
|
@@ -64974,6 +66621,9 @@
|
|
|
64974
66621
|
"CVE-2024-11393",
|
|
64975
66622
|
"CVE-2024-11394",
|
|
64976
66623
|
"CVE-2024-1561",
|
|
66624
|
+
"CVE-2024-21513",
|
|
66625
|
+
"CVE-2024-21575",
|
|
66626
|
+
"CVE-2024-21576",
|
|
64977
66627
|
"CVE-2024-27132",
|
|
64978
66628
|
"CVE-2024-3094",
|
|
64979
66629
|
"CVE-2024-3154",
|
|
@@ -65306,6 +66956,7 @@
|
|
|
65306
66956
|
"CVE-2023-43000",
|
|
65307
66957
|
"CVE-2023-43472",
|
|
65308
66958
|
"CVE-2023-43654",
|
|
66959
|
+
"CVE-2023-44467",
|
|
65309
66960
|
"CVE-2023-48022",
|
|
65310
66961
|
"CVE-2023-50224",
|
|
65311
66962
|
"CVE-2023-51449",
|
|
@@ -65319,6 +66970,9 @@
|
|
|
65319
66970
|
"CVE-2024-12987",
|
|
65320
66971
|
"CVE-2024-1561",
|
|
65321
66972
|
"CVE-2024-1708",
|
|
66973
|
+
"CVE-2024-21513",
|
|
66974
|
+
"CVE-2024-21575",
|
|
66975
|
+
"CVE-2024-21576",
|
|
65322
66976
|
"CVE-2024-21762",
|
|
65323
66977
|
"CVE-2024-27132",
|
|
65324
66978
|
"CVE-2024-27199",
|
|
@@ -65864,6 +67518,7 @@
|
|
|
65864
67518
|
"BUG-2026-NIGHTMARE-ECLIPSE-GREENPLASMA",
|
|
65865
67519
|
"CVE-2022-1471",
|
|
65866
67520
|
"CVE-2023-43654",
|
|
67521
|
+
"CVE-2023-44467",
|
|
65867
67522
|
"CVE-2023-48022",
|
|
65868
67523
|
"CVE-2023-51449",
|
|
65869
67524
|
"CVE-2024-0132",
|
|
@@ -65871,6 +67526,9 @@
|
|
|
65871
67526
|
"CVE-2024-11393",
|
|
65872
67527
|
"CVE-2024-11394",
|
|
65873
67528
|
"CVE-2024-1561",
|
|
67529
|
+
"CVE-2024-21513",
|
|
67530
|
+
"CVE-2024-21575",
|
|
67531
|
+
"CVE-2024-21576",
|
|
65874
67532
|
"CVE-2024-27132",
|
|
65875
67533
|
"CVE-2024-3094",
|
|
65876
67534
|
"CVE-2024-3154",
|
|
@@ -66820,6 +68478,7 @@
|
|
|
66820
68478
|
"CVE-2022-1471",
|
|
66821
68479
|
"CVE-2023-43472",
|
|
66822
68480
|
"CVE-2023-43654",
|
|
68481
|
+
"CVE-2023-44467",
|
|
66823
68482
|
"CVE-2023-48022",
|
|
66824
68483
|
"CVE-2023-51449",
|
|
66825
68484
|
"CVE-2024-0132",
|
|
@@ -66827,6 +68486,9 @@
|
|
|
66827
68486
|
"CVE-2024-11393",
|
|
66828
68487
|
"CVE-2024-11394",
|
|
66829
68488
|
"CVE-2024-1561",
|
|
68489
|
+
"CVE-2024-21513",
|
|
68490
|
+
"CVE-2024-21575",
|
|
68491
|
+
"CVE-2024-21576",
|
|
66830
68492
|
"CVE-2024-27132",
|
|
66831
68493
|
"CVE-2024-3094",
|
|
66832
68494
|
"CVE-2024-3154",
|
|
@@ -66940,6 +68602,7 @@
|
|
|
66940
68602
|
"related_cves": [
|
|
66941
68603
|
"CVE-2022-1471",
|
|
66942
68604
|
"CVE-2023-43654",
|
|
68605
|
+
"CVE-2023-44467",
|
|
66943
68606
|
"CVE-2023-48022",
|
|
66944
68607
|
"CVE-2023-51449",
|
|
66945
68608
|
"CVE-2024-0132",
|
|
@@ -66947,6 +68610,9 @@
|
|
|
66947
68610
|
"CVE-2024-11393",
|
|
66948
68611
|
"CVE-2024-11394",
|
|
66949
68612
|
"CVE-2024-1561",
|
|
68613
|
+
"CVE-2024-21513",
|
|
68614
|
+
"CVE-2024-21575",
|
|
68615
|
+
"CVE-2024-21576",
|
|
66950
68616
|
"CVE-2024-27132",
|
|
66951
68617
|
"CVE-2024-37032",
|
|
66952
68618
|
"CVE-2024-39722",
|
|
@@ -67130,6 +68796,7 @@
|
|
|
67130
68796
|
"CVE-2022-1471",
|
|
67131
68797
|
"CVE-2023-43472",
|
|
67132
68798
|
"CVE-2023-43654",
|
|
68799
|
+
"CVE-2023-44467",
|
|
67133
68800
|
"CVE-2023-48022",
|
|
67134
68801
|
"CVE-2023-51449",
|
|
67135
68802
|
"CVE-2024-0132",
|
|
@@ -67137,6 +68804,9 @@
|
|
|
67137
68804
|
"CVE-2024-11393",
|
|
67138
68805
|
"CVE-2024-11394",
|
|
67139
68806
|
"CVE-2024-1561",
|
|
68807
|
+
"CVE-2024-21513",
|
|
68808
|
+
"CVE-2024-21575",
|
|
68809
|
+
"CVE-2024-21576",
|
|
67140
68810
|
"CVE-2024-27132",
|
|
67141
68811
|
"CVE-2024-37032",
|
|
67142
68812
|
"CVE-2024-39722",
|
|
@@ -67569,6 +69239,7 @@
|
|
|
67569
69239
|
"CVE-2023-41974",
|
|
67570
69240
|
"CVE-2023-43000",
|
|
67571
69241
|
"CVE-2023-43654",
|
|
69242
|
+
"CVE-2023-44467",
|
|
67572
69243
|
"CVE-2023-50224",
|
|
67573
69244
|
"CVE-2023-51449",
|
|
67574
69245
|
"CVE-2023-52163",
|
|
@@ -67580,6 +69251,9 @@
|
|
|
67580
69251
|
"CVE-2024-12987",
|
|
67581
69252
|
"CVE-2024-1561",
|
|
67582
69253
|
"CVE-2024-1708",
|
|
69254
|
+
"CVE-2024-21513",
|
|
69255
|
+
"CVE-2024-21575",
|
|
69256
|
+
"CVE-2024-21576",
|
|
67583
69257
|
"CVE-2024-21762",
|
|
67584
69258
|
"CVE-2024-27132",
|
|
67585
69259
|
"CVE-2024-27199",
|
|
@@ -68032,6 +69706,7 @@
|
|
|
68032
69706
|
"CVE-2022-1471",
|
|
68033
69707
|
"CVE-2023-43472",
|
|
68034
69708
|
"CVE-2023-43654",
|
|
69709
|
+
"CVE-2023-44467",
|
|
68035
69710
|
"CVE-2023-48022",
|
|
68036
69711
|
"CVE-2023-51449",
|
|
68037
69712
|
"CVE-2024-0132",
|
|
@@ -68039,6 +69714,9 @@
|
|
|
68039
69714
|
"CVE-2024-11393",
|
|
68040
69715
|
"CVE-2024-11394",
|
|
68041
69716
|
"CVE-2024-1561",
|
|
69717
|
+
"CVE-2024-21513",
|
|
69718
|
+
"CVE-2024-21575",
|
|
69719
|
+
"CVE-2024-21576",
|
|
68042
69720
|
"CVE-2024-27132",
|
|
68043
69721
|
"CVE-2024-3094",
|
|
68044
69722
|
"CVE-2024-3154",
|
|
@@ -68345,6 +70023,7 @@
|
|
|
68345
70023
|
"CVE-2022-1471",
|
|
68346
70024
|
"CVE-2023-43472",
|
|
68347
70025
|
"CVE-2023-43654",
|
|
70026
|
+
"CVE-2023-44467",
|
|
68348
70027
|
"CVE-2023-48022",
|
|
68349
70028
|
"CVE-2023-51449",
|
|
68350
70029
|
"CVE-2024-0132",
|
|
@@ -68352,6 +70031,9 @@
|
|
|
68352
70031
|
"CVE-2024-11393",
|
|
68353
70032
|
"CVE-2024-11394",
|
|
68354
70033
|
"CVE-2024-1561",
|
|
70034
|
+
"CVE-2024-21513",
|
|
70035
|
+
"CVE-2024-21575",
|
|
70036
|
+
"CVE-2024-21576",
|
|
68355
70037
|
"CVE-2024-27132",
|
|
68356
70038
|
"CVE-2024-3094",
|
|
68357
70039
|
"CVE-2024-37032",
|