@blamejs/exceptd-skills 0.13.97 → 0.13.98
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/data/_indexes/_meta.json +9 -9
- package/data/_indexes/activity-feed.json +2 -2
- package/data/_indexes/catalog-summaries.json +2 -2
- package/data/_indexes/chains.json +770 -0
- package/data/atlas-ttps.json +2 -0
- package/data/attack-techniques.json +4 -0
- package/data/cve-catalog.json +208 -0
- package/data/cwe-catalog.json +2 -0
- package/data/framework-control-gaps.json +16 -0
- package/data/zeroday-lessons.json +100 -0
- package/manifest.json +44 -44
- package/package.json +2 -2
- package/sbom.cdx.json +25 -25
|
@@ -36087,6 +36087,730 @@
|
|
|
36087
36087
|
]
|
|
36088
36088
|
}
|
|
36089
36089
|
},
|
|
36090
|
+
"CVE-2023-6019": {
|
|
36091
|
+
"name": "Anyscale Ray Dashboard cpu_profile Command Injection RCE",
|
|
36092
|
+
"rwep": 31,
|
|
36093
|
+
"cvss": 9.8,
|
|
36094
|
+
"cisa_kev": false,
|
|
36095
|
+
"epss_score": null,
|
|
36096
|
+
"referencing_skills": [
|
|
36097
|
+
"kernel-lpe-triage",
|
|
36098
|
+
"ai-attack-surface",
|
|
36099
|
+
"compliance-theater",
|
|
36100
|
+
"attack-surface-pentest",
|
|
36101
|
+
"ot-ics-security",
|
|
36102
|
+
"coordinated-vuln-disclosure",
|
|
36103
|
+
"sector-energy"
|
|
36104
|
+
],
|
|
36105
|
+
"chain": {
|
|
36106
|
+
"cwes": [
|
|
36107
|
+
{
|
|
36108
|
+
"id": "CWE-1037",
|
|
36109
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36110
|
+
"category": "Hardware / Side Channel"
|
|
36111
|
+
},
|
|
36112
|
+
{
|
|
36113
|
+
"id": "CWE-1039",
|
|
36114
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36115
|
+
"category": "AI/ML"
|
|
36116
|
+
},
|
|
36117
|
+
{
|
|
36118
|
+
"id": "CWE-125",
|
|
36119
|
+
"name": "Out-of-bounds Read",
|
|
36120
|
+
"category": "Memory Safety"
|
|
36121
|
+
},
|
|
36122
|
+
{
|
|
36123
|
+
"id": "CWE-1357",
|
|
36124
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36125
|
+
"category": "Supply Chain"
|
|
36126
|
+
},
|
|
36127
|
+
{
|
|
36128
|
+
"id": "CWE-1395",
|
|
36129
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36130
|
+
"category": "Supply Chain"
|
|
36131
|
+
},
|
|
36132
|
+
{
|
|
36133
|
+
"id": "CWE-1426",
|
|
36134
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36135
|
+
"category": "AI/ML"
|
|
36136
|
+
},
|
|
36137
|
+
{
|
|
36138
|
+
"id": "CWE-22",
|
|
36139
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36140
|
+
"category": "Path/Resource"
|
|
36141
|
+
},
|
|
36142
|
+
{
|
|
36143
|
+
"id": "CWE-269",
|
|
36144
|
+
"name": "Improper Privilege Management",
|
|
36145
|
+
"category": "Authorization"
|
|
36146
|
+
},
|
|
36147
|
+
{
|
|
36148
|
+
"id": "CWE-287",
|
|
36149
|
+
"name": "Improper Authentication",
|
|
36150
|
+
"category": "Authentication"
|
|
36151
|
+
},
|
|
36152
|
+
{
|
|
36153
|
+
"id": "CWE-306",
|
|
36154
|
+
"name": "Missing Authentication for Critical Function",
|
|
36155
|
+
"category": "Authentication"
|
|
36156
|
+
},
|
|
36157
|
+
{
|
|
36158
|
+
"id": "CWE-352",
|
|
36159
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36160
|
+
"category": "Session"
|
|
36161
|
+
},
|
|
36162
|
+
{
|
|
36163
|
+
"id": "CWE-362",
|
|
36164
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36165
|
+
"category": "Concurrency"
|
|
36166
|
+
},
|
|
36167
|
+
{
|
|
36168
|
+
"id": "CWE-416",
|
|
36169
|
+
"name": "Use After Free",
|
|
36170
|
+
"category": "Memory Safety"
|
|
36171
|
+
},
|
|
36172
|
+
{
|
|
36173
|
+
"id": "CWE-434",
|
|
36174
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36175
|
+
"category": "File Handling"
|
|
36176
|
+
},
|
|
36177
|
+
{
|
|
36178
|
+
"id": "CWE-672",
|
|
36179
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36180
|
+
"category": "Memory Safety"
|
|
36181
|
+
},
|
|
36182
|
+
{
|
|
36183
|
+
"id": "CWE-732",
|
|
36184
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36185
|
+
"category": "Authorization"
|
|
36186
|
+
},
|
|
36187
|
+
{
|
|
36188
|
+
"id": "CWE-78",
|
|
36189
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36190
|
+
"category": "Injection"
|
|
36191
|
+
},
|
|
36192
|
+
{
|
|
36193
|
+
"id": "CWE-787",
|
|
36194
|
+
"name": "Out-of-bounds Write",
|
|
36195
|
+
"category": "Memory Safety"
|
|
36196
|
+
},
|
|
36197
|
+
{
|
|
36198
|
+
"id": "CWE-79",
|
|
36199
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36200
|
+
"category": "Injection"
|
|
36201
|
+
},
|
|
36202
|
+
{
|
|
36203
|
+
"id": "CWE-798",
|
|
36204
|
+
"name": "Use of Hard-coded Credentials",
|
|
36205
|
+
"category": "Credentials"
|
|
36206
|
+
},
|
|
36207
|
+
{
|
|
36208
|
+
"id": "CWE-89",
|
|
36209
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36210
|
+
"category": "Injection"
|
|
36211
|
+
},
|
|
36212
|
+
{
|
|
36213
|
+
"id": "CWE-918",
|
|
36214
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36215
|
+
"category": "Network"
|
|
36216
|
+
},
|
|
36217
|
+
{
|
|
36218
|
+
"id": "CWE-94",
|
|
36219
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36220
|
+
"category": "Injection"
|
|
36221
|
+
}
|
|
36222
|
+
],
|
|
36223
|
+
"atlas": [
|
|
36224
|
+
{
|
|
36225
|
+
"id": "AML.T0010",
|
|
36226
|
+
"name": "ML Supply Chain Compromise",
|
|
36227
|
+
"tactic": "Initial Access"
|
|
36228
|
+
},
|
|
36229
|
+
{
|
|
36230
|
+
"id": "AML.T0016",
|
|
36231
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36232
|
+
"tactic": "Resource Development"
|
|
36233
|
+
},
|
|
36234
|
+
{
|
|
36235
|
+
"id": "AML.T0017",
|
|
36236
|
+
"name": "Discover ML Model Ontology",
|
|
36237
|
+
"tactic": "Discovery"
|
|
36238
|
+
},
|
|
36239
|
+
{
|
|
36240
|
+
"id": "AML.T0018",
|
|
36241
|
+
"name": "Backdoor ML Model",
|
|
36242
|
+
"tactic": "Persistence"
|
|
36243
|
+
},
|
|
36244
|
+
{
|
|
36245
|
+
"id": "AML.T0020",
|
|
36246
|
+
"name": "Poison Training Data",
|
|
36247
|
+
"tactic": "ML Attack Staging"
|
|
36248
|
+
},
|
|
36249
|
+
{
|
|
36250
|
+
"id": "AML.T0043",
|
|
36251
|
+
"name": "Craft Adversarial Data",
|
|
36252
|
+
"tactic": "ML Attack Staging"
|
|
36253
|
+
},
|
|
36254
|
+
{
|
|
36255
|
+
"id": "AML.T0051",
|
|
36256
|
+
"name": "LLM Prompt Injection",
|
|
36257
|
+
"tactic": "Execution"
|
|
36258
|
+
},
|
|
36259
|
+
{
|
|
36260
|
+
"id": "AML.T0054",
|
|
36261
|
+
"name": "LLM Jailbreak",
|
|
36262
|
+
"tactic": "Defense Evasion"
|
|
36263
|
+
},
|
|
36264
|
+
{
|
|
36265
|
+
"id": "AML.T0096",
|
|
36266
|
+
"name": "AI API as Covert C2 Channel",
|
|
36267
|
+
"tactic": "Command and Control"
|
|
36268
|
+
}
|
|
36269
|
+
],
|
|
36270
|
+
"d3fend": [
|
|
36271
|
+
{
|
|
36272
|
+
"id": "D3-ASLR",
|
|
36273
|
+
"name": "Address Space Layout Randomization",
|
|
36274
|
+
"tactic": "Harden"
|
|
36275
|
+
},
|
|
36276
|
+
{
|
|
36277
|
+
"id": "D3-CSPP",
|
|
36278
|
+
"name": "Client-server Payload Profiling",
|
|
36279
|
+
"tactic": "Detect"
|
|
36280
|
+
},
|
|
36281
|
+
{
|
|
36282
|
+
"id": "D3-EAL",
|
|
36283
|
+
"name": "Executable Allowlisting",
|
|
36284
|
+
"tactic": "Harden"
|
|
36285
|
+
},
|
|
36286
|
+
{
|
|
36287
|
+
"id": "D3-IOPR",
|
|
36288
|
+
"name": "Input/Output Profiling Resource",
|
|
36289
|
+
"tactic": "Detect"
|
|
36290
|
+
},
|
|
36291
|
+
{
|
|
36292
|
+
"id": "D3-NTA",
|
|
36293
|
+
"name": "Network Traffic Analysis",
|
|
36294
|
+
"tactic": "Detect"
|
|
36295
|
+
},
|
|
36296
|
+
{
|
|
36297
|
+
"id": "D3-PHRA",
|
|
36298
|
+
"name": "Process Hardware Resource Access",
|
|
36299
|
+
"tactic": "Isolate"
|
|
36300
|
+
},
|
|
36301
|
+
{
|
|
36302
|
+
"id": "D3-PSEP",
|
|
36303
|
+
"name": "Process Segment Execution Prevention",
|
|
36304
|
+
"tactic": "Harden"
|
|
36305
|
+
}
|
|
36306
|
+
],
|
|
36307
|
+
"framework_gaps": [
|
|
36308
|
+
{
|
|
36309
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
36310
|
+
"framework": "ALL",
|
|
36311
|
+
"control_name": "AI Pipeline Integrity"
|
|
36312
|
+
},
|
|
36313
|
+
{
|
|
36314
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
36315
|
+
"framework": "ALL",
|
|
36316
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
36317
|
+
},
|
|
36318
|
+
{
|
|
36319
|
+
"id": "CIS-Controls-v8-Control7",
|
|
36320
|
+
"framework": "CIS Controls v8",
|
|
36321
|
+
"control_name": "Continuous Vulnerability Management"
|
|
36322
|
+
},
|
|
36323
|
+
{
|
|
36324
|
+
"id": "CMMC-2.0-Level-2",
|
|
36325
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
36326
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
36327
|
+
},
|
|
36328
|
+
{
|
|
36329
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
36330
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
36331
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
36332
|
+
},
|
|
36333
|
+
{
|
|
36334
|
+
"id": "IEC-62443-3-3",
|
|
36335
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
36336
|
+
"control_name": "System security requirements and security levels"
|
|
36337
|
+
},
|
|
36338
|
+
{
|
|
36339
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
36340
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36341
|
+
"control_name": "Secure coding"
|
|
36342
|
+
},
|
|
36343
|
+
{
|
|
36344
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
36345
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36346
|
+
"control_name": "Management of technical vulnerabilities"
|
|
36347
|
+
},
|
|
36348
|
+
{
|
|
36349
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
36350
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
36351
|
+
"control_name": "AI risk management process"
|
|
36352
|
+
},
|
|
36353
|
+
{
|
|
36354
|
+
"id": "NERC-CIP-007-6-R4",
|
|
36355
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
36356
|
+
"control_name": "Security event monitoring"
|
|
36357
|
+
},
|
|
36358
|
+
{
|
|
36359
|
+
"id": "NIS2-Art21-patch-management",
|
|
36360
|
+
"framework": "EU NIS2 Directive",
|
|
36361
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36362
|
+
},
|
|
36363
|
+
{
|
|
36364
|
+
"id": "NIST-800-115",
|
|
36365
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36366
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36367
|
+
},
|
|
36368
|
+
{
|
|
36369
|
+
"id": "NIST-800-218-SSDF",
|
|
36370
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36371
|
+
"control_name": "Secure Software Development Framework"
|
|
36372
|
+
},
|
|
36373
|
+
{
|
|
36374
|
+
"id": "NIST-800-53-AC-2",
|
|
36375
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36376
|
+
"control_name": "Account Management"
|
|
36377
|
+
},
|
|
36378
|
+
{
|
|
36379
|
+
"id": "NIST-800-53-SC-8",
|
|
36380
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36381
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36382
|
+
},
|
|
36383
|
+
{
|
|
36384
|
+
"id": "NIST-800-53-SI-2",
|
|
36385
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36386
|
+
"control_name": "Flaw Remediation"
|
|
36387
|
+
},
|
|
36388
|
+
{
|
|
36389
|
+
"id": "NIST-800-53-SI-3",
|
|
36390
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36391
|
+
"control_name": "Malicious Code Protection"
|
|
36392
|
+
},
|
|
36393
|
+
{
|
|
36394
|
+
"id": "NIST-800-82r3",
|
|
36395
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36396
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36397
|
+
},
|
|
36398
|
+
{
|
|
36399
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36400
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36401
|
+
"control_name": "Prompt Injection"
|
|
36402
|
+
},
|
|
36403
|
+
{
|
|
36404
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36405
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36406
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36407
|
+
},
|
|
36408
|
+
{
|
|
36409
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36410
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36411
|
+
"control_name": "Web application penetration testing methodology"
|
|
36412
|
+
},
|
|
36413
|
+
{
|
|
36414
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36415
|
+
"framework": "PCI DSS 4.0",
|
|
36416
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36417
|
+
},
|
|
36418
|
+
{
|
|
36419
|
+
"id": "PTES-Pre-engagement",
|
|
36420
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36421
|
+
"control_name": "Pre-engagement Interactions"
|
|
36422
|
+
},
|
|
36423
|
+
{
|
|
36424
|
+
"id": "SOC2-CC6-logical-access",
|
|
36425
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36426
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36427
|
+
},
|
|
36428
|
+
{
|
|
36429
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36430
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36431
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36432
|
+
}
|
|
36433
|
+
],
|
|
36434
|
+
"attack_refs": [
|
|
36435
|
+
"T0855",
|
|
36436
|
+
"T0883",
|
|
36437
|
+
"T1059",
|
|
36438
|
+
"T1068",
|
|
36439
|
+
"T1078",
|
|
36440
|
+
"T1133",
|
|
36441
|
+
"T1190",
|
|
36442
|
+
"T1548.001",
|
|
36443
|
+
"T1566"
|
|
36444
|
+
],
|
|
36445
|
+
"rfc_refs": [
|
|
36446
|
+
"RFC-4301",
|
|
36447
|
+
"RFC-4303",
|
|
36448
|
+
"RFC-7296"
|
|
36449
|
+
]
|
|
36450
|
+
}
|
|
36451
|
+
},
|
|
36452
|
+
"CVE-2023-6021": {
|
|
36453
|
+
"name": "Anyscale Ray Dashboard Log API Local File Inclusion",
|
|
36454
|
+
"rwep": 27,
|
|
36455
|
+
"cvss": 7.5,
|
|
36456
|
+
"cisa_kev": false,
|
|
36457
|
+
"epss_score": null,
|
|
36458
|
+
"referencing_skills": [
|
|
36459
|
+
"kernel-lpe-triage",
|
|
36460
|
+
"ai-attack-surface",
|
|
36461
|
+
"compliance-theater",
|
|
36462
|
+
"attack-surface-pentest",
|
|
36463
|
+
"ot-ics-security",
|
|
36464
|
+
"coordinated-vuln-disclosure",
|
|
36465
|
+
"sector-energy"
|
|
36466
|
+
],
|
|
36467
|
+
"chain": {
|
|
36468
|
+
"cwes": [
|
|
36469
|
+
{
|
|
36470
|
+
"id": "CWE-1037",
|
|
36471
|
+
"name": "Processor Optimization Removal or Modification of Security-critical Code",
|
|
36472
|
+
"category": "Hardware / Side Channel"
|
|
36473
|
+
},
|
|
36474
|
+
{
|
|
36475
|
+
"id": "CWE-1039",
|
|
36476
|
+
"name": "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
|
|
36477
|
+
"category": "AI/ML"
|
|
36478
|
+
},
|
|
36479
|
+
{
|
|
36480
|
+
"id": "CWE-125",
|
|
36481
|
+
"name": "Out-of-bounds Read",
|
|
36482
|
+
"category": "Memory Safety"
|
|
36483
|
+
},
|
|
36484
|
+
{
|
|
36485
|
+
"id": "CWE-1357",
|
|
36486
|
+
"name": "Reliance on Insufficiently Trustworthy Component",
|
|
36487
|
+
"category": "Supply Chain"
|
|
36488
|
+
},
|
|
36489
|
+
{
|
|
36490
|
+
"id": "CWE-1395",
|
|
36491
|
+
"name": "Dependency on Vulnerable Third-Party Component",
|
|
36492
|
+
"category": "Supply Chain"
|
|
36493
|
+
},
|
|
36494
|
+
{
|
|
36495
|
+
"id": "CWE-1426",
|
|
36496
|
+
"name": "Improper Validation of Generative AI Output",
|
|
36497
|
+
"category": "AI/ML"
|
|
36498
|
+
},
|
|
36499
|
+
{
|
|
36500
|
+
"id": "CWE-22",
|
|
36501
|
+
"name": "Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
|
|
36502
|
+
"category": "Path/Resource"
|
|
36503
|
+
},
|
|
36504
|
+
{
|
|
36505
|
+
"id": "CWE-269",
|
|
36506
|
+
"name": "Improper Privilege Management",
|
|
36507
|
+
"category": "Authorization"
|
|
36508
|
+
},
|
|
36509
|
+
{
|
|
36510
|
+
"id": "CWE-287",
|
|
36511
|
+
"name": "Improper Authentication",
|
|
36512
|
+
"category": "Authentication"
|
|
36513
|
+
},
|
|
36514
|
+
{
|
|
36515
|
+
"id": "CWE-306",
|
|
36516
|
+
"name": "Missing Authentication for Critical Function",
|
|
36517
|
+
"category": "Authentication"
|
|
36518
|
+
},
|
|
36519
|
+
{
|
|
36520
|
+
"id": "CWE-352",
|
|
36521
|
+
"name": "Cross-Site Request Forgery (CSRF)",
|
|
36522
|
+
"category": "Session"
|
|
36523
|
+
},
|
|
36524
|
+
{
|
|
36525
|
+
"id": "CWE-362",
|
|
36526
|
+
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)",
|
|
36527
|
+
"category": "Concurrency"
|
|
36528
|
+
},
|
|
36529
|
+
{
|
|
36530
|
+
"id": "CWE-416",
|
|
36531
|
+
"name": "Use After Free",
|
|
36532
|
+
"category": "Memory Safety"
|
|
36533
|
+
},
|
|
36534
|
+
{
|
|
36535
|
+
"id": "CWE-434",
|
|
36536
|
+
"name": "Unrestricted Upload of File with Dangerous Type",
|
|
36537
|
+
"category": "File Handling"
|
|
36538
|
+
},
|
|
36539
|
+
{
|
|
36540
|
+
"id": "CWE-672",
|
|
36541
|
+
"name": "Operation on a Resource after Expiration or Release",
|
|
36542
|
+
"category": "Memory Safety"
|
|
36543
|
+
},
|
|
36544
|
+
{
|
|
36545
|
+
"id": "CWE-732",
|
|
36546
|
+
"name": "Incorrect Permission Assignment for Critical Resource",
|
|
36547
|
+
"category": "Authorization"
|
|
36548
|
+
},
|
|
36549
|
+
{
|
|
36550
|
+
"id": "CWE-78",
|
|
36551
|
+
"name": "Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)",
|
|
36552
|
+
"category": "Injection"
|
|
36553
|
+
},
|
|
36554
|
+
{
|
|
36555
|
+
"id": "CWE-787",
|
|
36556
|
+
"name": "Out-of-bounds Write",
|
|
36557
|
+
"category": "Memory Safety"
|
|
36558
|
+
},
|
|
36559
|
+
{
|
|
36560
|
+
"id": "CWE-79",
|
|
36561
|
+
"name": "Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
|
|
36562
|
+
"category": "Injection"
|
|
36563
|
+
},
|
|
36564
|
+
{
|
|
36565
|
+
"id": "CWE-798",
|
|
36566
|
+
"name": "Use of Hard-coded Credentials",
|
|
36567
|
+
"category": "Credentials"
|
|
36568
|
+
},
|
|
36569
|
+
{
|
|
36570
|
+
"id": "CWE-89",
|
|
36571
|
+
"name": "Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)",
|
|
36572
|
+
"category": "Injection"
|
|
36573
|
+
},
|
|
36574
|
+
{
|
|
36575
|
+
"id": "CWE-918",
|
|
36576
|
+
"name": "Server-Side Request Forgery (SSRF)",
|
|
36577
|
+
"category": "Network"
|
|
36578
|
+
},
|
|
36579
|
+
{
|
|
36580
|
+
"id": "CWE-94",
|
|
36581
|
+
"name": "Improper Control of Generation of Code (Code Injection)",
|
|
36582
|
+
"category": "Injection"
|
|
36583
|
+
}
|
|
36584
|
+
],
|
|
36585
|
+
"atlas": [
|
|
36586
|
+
{
|
|
36587
|
+
"id": "AML.T0010",
|
|
36588
|
+
"name": "ML Supply Chain Compromise",
|
|
36589
|
+
"tactic": "Initial Access"
|
|
36590
|
+
},
|
|
36591
|
+
{
|
|
36592
|
+
"id": "AML.T0016",
|
|
36593
|
+
"name": "Obtain Capabilities: Develop Capabilities",
|
|
36594
|
+
"tactic": "Resource Development"
|
|
36595
|
+
},
|
|
36596
|
+
{
|
|
36597
|
+
"id": "AML.T0017",
|
|
36598
|
+
"name": "Discover ML Model Ontology",
|
|
36599
|
+
"tactic": "Discovery"
|
|
36600
|
+
},
|
|
36601
|
+
{
|
|
36602
|
+
"id": "AML.T0018",
|
|
36603
|
+
"name": "Backdoor ML Model",
|
|
36604
|
+
"tactic": "Persistence"
|
|
36605
|
+
},
|
|
36606
|
+
{
|
|
36607
|
+
"id": "AML.T0020",
|
|
36608
|
+
"name": "Poison Training Data",
|
|
36609
|
+
"tactic": "ML Attack Staging"
|
|
36610
|
+
},
|
|
36611
|
+
{
|
|
36612
|
+
"id": "AML.T0043",
|
|
36613
|
+
"name": "Craft Adversarial Data",
|
|
36614
|
+
"tactic": "ML Attack Staging"
|
|
36615
|
+
},
|
|
36616
|
+
{
|
|
36617
|
+
"id": "AML.T0051",
|
|
36618
|
+
"name": "LLM Prompt Injection",
|
|
36619
|
+
"tactic": "Execution"
|
|
36620
|
+
},
|
|
36621
|
+
{
|
|
36622
|
+
"id": "AML.T0054",
|
|
36623
|
+
"name": "LLM Jailbreak",
|
|
36624
|
+
"tactic": "Defense Evasion"
|
|
36625
|
+
},
|
|
36626
|
+
{
|
|
36627
|
+
"id": "AML.T0096",
|
|
36628
|
+
"name": "AI API as Covert C2 Channel",
|
|
36629
|
+
"tactic": "Command and Control"
|
|
36630
|
+
}
|
|
36631
|
+
],
|
|
36632
|
+
"d3fend": [
|
|
36633
|
+
{
|
|
36634
|
+
"id": "D3-ASLR",
|
|
36635
|
+
"name": "Address Space Layout Randomization",
|
|
36636
|
+
"tactic": "Harden"
|
|
36637
|
+
},
|
|
36638
|
+
{
|
|
36639
|
+
"id": "D3-CSPP",
|
|
36640
|
+
"name": "Client-server Payload Profiling",
|
|
36641
|
+
"tactic": "Detect"
|
|
36642
|
+
},
|
|
36643
|
+
{
|
|
36644
|
+
"id": "D3-EAL",
|
|
36645
|
+
"name": "Executable Allowlisting",
|
|
36646
|
+
"tactic": "Harden"
|
|
36647
|
+
},
|
|
36648
|
+
{
|
|
36649
|
+
"id": "D3-IOPR",
|
|
36650
|
+
"name": "Input/Output Profiling Resource",
|
|
36651
|
+
"tactic": "Detect"
|
|
36652
|
+
},
|
|
36653
|
+
{
|
|
36654
|
+
"id": "D3-NTA",
|
|
36655
|
+
"name": "Network Traffic Analysis",
|
|
36656
|
+
"tactic": "Detect"
|
|
36657
|
+
},
|
|
36658
|
+
{
|
|
36659
|
+
"id": "D3-PHRA",
|
|
36660
|
+
"name": "Process Hardware Resource Access",
|
|
36661
|
+
"tactic": "Isolate"
|
|
36662
|
+
},
|
|
36663
|
+
{
|
|
36664
|
+
"id": "D3-PSEP",
|
|
36665
|
+
"name": "Process Segment Execution Prevention",
|
|
36666
|
+
"tactic": "Harden"
|
|
36667
|
+
}
|
|
36668
|
+
],
|
|
36669
|
+
"framework_gaps": [
|
|
36670
|
+
{
|
|
36671
|
+
"id": "ALL-AI-PIPELINE-INTEGRITY",
|
|
36672
|
+
"framework": "ALL",
|
|
36673
|
+
"control_name": "AI Pipeline Integrity"
|
|
36674
|
+
},
|
|
36675
|
+
{
|
|
36676
|
+
"id": "ALL-PROMPT-INJECTION-ACCESS-CONTROL",
|
|
36677
|
+
"framework": "ALL",
|
|
36678
|
+
"control_name": "Prompt Injection as Access Control Failure"
|
|
36679
|
+
},
|
|
36680
|
+
{
|
|
36681
|
+
"id": "CIS-Controls-v8-Control7",
|
|
36682
|
+
"framework": "CIS Controls v8",
|
|
36683
|
+
"control_name": "Continuous Vulnerability Management"
|
|
36684
|
+
},
|
|
36685
|
+
{
|
|
36686
|
+
"id": "CMMC-2.0-Level-2",
|
|
36687
|
+
"framework": "CMMC 2.0 (Cybersecurity Maturity Model Certification) Level 2",
|
|
36688
|
+
"control_name": "Level 2 — Advanced (110 NIST 800-171 Rev 2 controls)"
|
|
36689
|
+
},
|
|
36690
|
+
{
|
|
36691
|
+
"id": "FedRAMP-Rev5-Moderate",
|
|
36692
|
+
"framework": "FedRAMP Rev 5 Moderate",
|
|
36693
|
+
"control_name": "FedRAMP Moderate baseline (NIST 800-53 Rev 5 tailoring)"
|
|
36694
|
+
},
|
|
36695
|
+
{
|
|
36696
|
+
"id": "IEC-62443-3-3",
|
|
36697
|
+
"framework": "IEC 62443-3-3 (Industrial communication networks — security for IACS)",
|
|
36698
|
+
"control_name": "System security requirements and security levels"
|
|
36699
|
+
},
|
|
36700
|
+
{
|
|
36701
|
+
"id": "ISO-27001-2022-A.8.28",
|
|
36702
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36703
|
+
"control_name": "Secure coding"
|
|
36704
|
+
},
|
|
36705
|
+
{
|
|
36706
|
+
"id": "ISO-27001-2022-A.8.8",
|
|
36707
|
+
"framework": "ISO/IEC 27001:2022",
|
|
36708
|
+
"control_name": "Management of technical vulnerabilities"
|
|
36709
|
+
},
|
|
36710
|
+
{
|
|
36711
|
+
"id": "ISO-IEC-23894-2023-clause-7",
|
|
36712
|
+
"framework": "ISO/IEC 23894:2023 (AI Risk Management Guidance)",
|
|
36713
|
+
"control_name": "AI risk management process"
|
|
36714
|
+
},
|
|
36715
|
+
{
|
|
36716
|
+
"id": "NERC-CIP-007-6-R4",
|
|
36717
|
+
"framework": "NERC CIP-007-6 (BES Cyber System Security Management)",
|
|
36718
|
+
"control_name": "Security event monitoring"
|
|
36719
|
+
},
|
|
36720
|
+
{
|
|
36721
|
+
"id": "NIS2-Art21-patch-management",
|
|
36722
|
+
"framework": "EU NIS2 Directive",
|
|
36723
|
+
"control_name": "Vulnerability handling and disclosure"
|
|
36724
|
+
},
|
|
36725
|
+
{
|
|
36726
|
+
"id": "NIST-800-115",
|
|
36727
|
+
"framework": "NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)",
|
|
36728
|
+
"control_name": "Technical Guide to Information Security Testing and Assessment"
|
|
36729
|
+
},
|
|
36730
|
+
{
|
|
36731
|
+
"id": "NIST-800-218-SSDF",
|
|
36732
|
+
"framework": "NIST SP 800-218 (Secure Software Development Framework v1.1)",
|
|
36733
|
+
"control_name": "Secure Software Development Framework"
|
|
36734
|
+
},
|
|
36735
|
+
{
|
|
36736
|
+
"id": "NIST-800-53-AC-2",
|
|
36737
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36738
|
+
"control_name": "Account Management"
|
|
36739
|
+
},
|
|
36740
|
+
{
|
|
36741
|
+
"id": "NIST-800-53-SC-8",
|
|
36742
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36743
|
+
"control_name": "Transmission Confidentiality and Integrity"
|
|
36744
|
+
},
|
|
36745
|
+
{
|
|
36746
|
+
"id": "NIST-800-53-SI-2",
|
|
36747
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36748
|
+
"control_name": "Flaw Remediation"
|
|
36749
|
+
},
|
|
36750
|
+
{
|
|
36751
|
+
"id": "NIST-800-53-SI-3",
|
|
36752
|
+
"framework": "NIST SP 800-53 Rev 5",
|
|
36753
|
+
"control_name": "Malicious Code Protection"
|
|
36754
|
+
},
|
|
36755
|
+
{
|
|
36756
|
+
"id": "NIST-800-82r3",
|
|
36757
|
+
"framework": "NIST SP 800-82 Rev 3 (Guide to OT Security)",
|
|
36758
|
+
"control_name": "Guide to Operational Technology (OT) Security"
|
|
36759
|
+
},
|
|
36760
|
+
{
|
|
36761
|
+
"id": "OWASP-LLM-Top-10-2025-LLM01",
|
|
36762
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36763
|
+
"control_name": "Prompt Injection"
|
|
36764
|
+
},
|
|
36765
|
+
{
|
|
36766
|
+
"id": "OWASP-LLM-Top-10-2025-LLM02",
|
|
36767
|
+
"framework": "OWASP Top 10 for LLM Applications 2025",
|
|
36768
|
+
"control_name": "Sensitive Information Disclosure"
|
|
36769
|
+
},
|
|
36770
|
+
{
|
|
36771
|
+
"id": "OWASP-Pen-Testing-Guide-v5",
|
|
36772
|
+
"framework": "OWASP Web Security Testing Guide v5 (WSTG)",
|
|
36773
|
+
"control_name": "Web application penetration testing methodology"
|
|
36774
|
+
},
|
|
36775
|
+
{
|
|
36776
|
+
"id": "PCI-DSS-4.0-6.3.3",
|
|
36777
|
+
"framework": "PCI DSS 4.0",
|
|
36778
|
+
"control_name": "All system components are protected from known vulnerabilities by installing applicable security patches/updates"
|
|
36779
|
+
},
|
|
36780
|
+
{
|
|
36781
|
+
"id": "PTES-Pre-engagement",
|
|
36782
|
+
"framework": "Penetration Testing Execution Standard (PTES)",
|
|
36783
|
+
"control_name": "Pre-engagement Interactions"
|
|
36784
|
+
},
|
|
36785
|
+
{
|
|
36786
|
+
"id": "SOC2-CC6-logical-access",
|
|
36787
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36788
|
+
"control_name": "Logical and Physical Access Controls"
|
|
36789
|
+
},
|
|
36790
|
+
{
|
|
36791
|
+
"id": "SOC2-CC9-vendor-management",
|
|
36792
|
+
"framework": "SOC 2 (AICPA Trust Services Criteria)",
|
|
36793
|
+
"control_name": "Risk Mitigation — Vendor and Business Partner Risk"
|
|
36794
|
+
}
|
|
36795
|
+
],
|
|
36796
|
+
"attack_refs": [
|
|
36797
|
+
"T0855",
|
|
36798
|
+
"T0883",
|
|
36799
|
+
"T1059",
|
|
36800
|
+
"T1068",
|
|
36801
|
+
"T1078",
|
|
36802
|
+
"T1133",
|
|
36803
|
+
"T1190",
|
|
36804
|
+
"T1548.001",
|
|
36805
|
+
"T1566"
|
|
36806
|
+
],
|
|
36807
|
+
"rfc_refs": [
|
|
36808
|
+
"RFC-4301",
|
|
36809
|
+
"RFC-4303",
|
|
36810
|
+
"RFC-7296"
|
|
36811
|
+
]
|
|
36812
|
+
}
|
|
36813
|
+
},
|
|
36090
36814
|
"CVE-2026-41091": {
|
|
36091
36815
|
"name": "Microsoft Defender (Malware Protection Engine) Link-Following LPE to SYSTEM",
|
|
36092
36816
|
"rwep": 45,
|
|
@@ -62468,6 +63192,8 @@
|
|
|
62468
63192
|
"CVE-2023-44467",
|
|
62469
63193
|
"CVE-2023-48022",
|
|
62470
63194
|
"CVE-2023-51449",
|
|
63195
|
+
"CVE-2023-6019",
|
|
63196
|
+
"CVE-2023-6021",
|
|
62471
63197
|
"CVE-2024-0132",
|
|
62472
63198
|
"CVE-2024-11392",
|
|
62473
63199
|
"CVE-2024-11393",
|
|
@@ -62869,6 +63595,8 @@
|
|
|
62869
63595
|
"CVE-2023-44467",
|
|
62870
63596
|
"CVE-2023-48022",
|
|
62871
63597
|
"CVE-2023-51449",
|
|
63598
|
+
"CVE-2023-6019",
|
|
63599
|
+
"CVE-2023-6021",
|
|
62872
63600
|
"CVE-2024-0132",
|
|
62873
63601
|
"CVE-2024-11392",
|
|
62874
63602
|
"CVE-2024-11393",
|
|
@@ -63061,6 +63789,8 @@
|
|
|
63061
63789
|
"CVE-2023-44467",
|
|
63062
63790
|
"CVE-2023-48022",
|
|
63063
63791
|
"CVE-2023-51449",
|
|
63792
|
+
"CVE-2023-6019",
|
|
63793
|
+
"CVE-2023-6021",
|
|
63064
63794
|
"CVE-2024-0132",
|
|
63065
63795
|
"CVE-2024-11392",
|
|
63066
63796
|
"CVE-2024-11393",
|
|
@@ -63267,6 +63997,8 @@
|
|
|
63267
63997
|
"CVE-2023-44467",
|
|
63268
63998
|
"CVE-2023-48022",
|
|
63269
63999
|
"CVE-2023-51449",
|
|
64000
|
+
"CVE-2023-6019",
|
|
64001
|
+
"CVE-2023-6021",
|
|
63270
64002
|
"CVE-2024-0132",
|
|
63271
64003
|
"CVE-2024-11392",
|
|
63272
64004
|
"CVE-2024-11393",
|
|
@@ -63577,6 +64309,8 @@
|
|
|
63577
64309
|
"CVE-2023-44467",
|
|
63578
64310
|
"CVE-2023-48022",
|
|
63579
64311
|
"CVE-2023-51449",
|
|
64312
|
+
"CVE-2023-6019",
|
|
64313
|
+
"CVE-2023-6021",
|
|
63580
64314
|
"CVE-2024-0132",
|
|
63581
64315
|
"CVE-2024-11392",
|
|
63582
64316
|
"CVE-2024-11393",
|
|
@@ -63843,6 +64577,8 @@
|
|
|
63843
64577
|
"CVE-2023-50224",
|
|
63844
64578
|
"CVE-2023-51449",
|
|
63845
64579
|
"CVE-2023-52163",
|
|
64580
|
+
"CVE-2023-6019",
|
|
64581
|
+
"CVE-2023-6021",
|
|
63846
64582
|
"CVE-2024-0132",
|
|
63847
64583
|
"CVE-2024-0769",
|
|
63848
64584
|
"CVE-2024-11182",
|
|
@@ -64697,6 +65433,8 @@
|
|
|
64697
65433
|
"CVE-2023-44467",
|
|
64698
65434
|
"CVE-2023-48022",
|
|
64699
65435
|
"CVE-2023-51449",
|
|
65436
|
+
"CVE-2023-6019",
|
|
65437
|
+
"CVE-2023-6021",
|
|
64700
65438
|
"CVE-2024-0132",
|
|
64701
65439
|
"CVE-2024-11392",
|
|
64702
65440
|
"CVE-2024-11393",
|
|
@@ -65328,6 +66066,8 @@
|
|
|
65328
66066
|
"CVE-2023-44467",
|
|
65329
66067
|
"CVE-2023-48022",
|
|
65330
66068
|
"CVE-2023-51449",
|
|
66069
|
+
"CVE-2023-6019",
|
|
66070
|
+
"CVE-2023-6021",
|
|
65331
66071
|
"CVE-2024-0132",
|
|
65332
66072
|
"CVE-2024-11392",
|
|
65333
66073
|
"CVE-2024-11393",
|
|
@@ -65597,6 +66337,8 @@
|
|
|
65597
66337
|
"CVE-2023-44467",
|
|
65598
66338
|
"CVE-2023-48022",
|
|
65599
66339
|
"CVE-2023-51449",
|
|
66340
|
+
"CVE-2023-6019",
|
|
66341
|
+
"CVE-2023-6021",
|
|
65600
66342
|
"CVE-2024-0132",
|
|
65601
66343
|
"CVE-2024-11392",
|
|
65602
66344
|
"CVE-2024-11393",
|
|
@@ -66292,6 +67034,8 @@
|
|
|
66292
67034
|
"CVE-2023-44467",
|
|
66293
67035
|
"CVE-2023-48022",
|
|
66294
67036
|
"CVE-2023-51449",
|
|
67037
|
+
"CVE-2023-6019",
|
|
67038
|
+
"CVE-2023-6021",
|
|
66295
67039
|
"CVE-2024-0132",
|
|
66296
67040
|
"CVE-2024-11392",
|
|
66297
67041
|
"CVE-2024-11393",
|
|
@@ -66565,6 +67309,8 @@
|
|
|
66565
67309
|
"CVE-2023-50224",
|
|
66566
67310
|
"CVE-2023-51449",
|
|
66567
67311
|
"CVE-2023-52163",
|
|
67312
|
+
"CVE-2023-6019",
|
|
67313
|
+
"CVE-2023-6021",
|
|
66568
67314
|
"CVE-2024-0132",
|
|
66569
67315
|
"CVE-2024-0769",
|
|
66570
67316
|
"CVE-2024-11182",
|
|
@@ -67017,6 +67763,8 @@
|
|
|
67017
67763
|
"CVE-2023-50224",
|
|
67018
67764
|
"CVE-2023-51449",
|
|
67019
67765
|
"CVE-2023-52163",
|
|
67766
|
+
"CVE-2023-6019",
|
|
67767
|
+
"CVE-2023-6021",
|
|
67020
67768
|
"CVE-2024-0132",
|
|
67021
67769
|
"CVE-2024-0769",
|
|
67022
67770
|
"CVE-2024-11182",
|
|
@@ -67500,6 +68248,8 @@
|
|
|
67500
68248
|
"CVE-2023-44467",
|
|
67501
68249
|
"CVE-2023-48022",
|
|
67502
68250
|
"CVE-2023-51449",
|
|
68251
|
+
"CVE-2023-6019",
|
|
68252
|
+
"CVE-2023-6021",
|
|
67503
68253
|
"CVE-2024-0132",
|
|
67504
68254
|
"CVE-2024-11392",
|
|
67505
68255
|
"CVE-2024-11393",
|
|
@@ -68325,6 +69075,8 @@
|
|
|
68325
69075
|
"CVE-2023-50224",
|
|
68326
69076
|
"CVE-2023-51449",
|
|
68327
69077
|
"CVE-2023-52163",
|
|
69078
|
+
"CVE-2023-6019",
|
|
69079
|
+
"CVE-2023-6021",
|
|
68328
69080
|
"CVE-2024-0132",
|
|
68329
69081
|
"CVE-2024-0769",
|
|
68330
69082
|
"CVE-2024-11182",
|
|
@@ -68872,6 +69624,8 @@
|
|
|
68872
69624
|
"CVE-2023-44467",
|
|
68873
69625
|
"CVE-2023-48022",
|
|
68874
69626
|
"CVE-2023-51449",
|
|
69627
|
+
"CVE-2023-6019",
|
|
69628
|
+
"CVE-2023-6021",
|
|
68875
69629
|
"CVE-2024-0132",
|
|
68876
69630
|
"CVE-2024-11392",
|
|
68877
69631
|
"CVE-2024-11393",
|
|
@@ -69223,6 +69977,8 @@
|
|
|
69223
69977
|
"CVE-2023-50224",
|
|
69224
69978
|
"CVE-2023-51449",
|
|
69225
69979
|
"CVE-2023-52163",
|
|
69980
|
+
"CVE-2023-6019",
|
|
69981
|
+
"CVE-2023-6021",
|
|
69226
69982
|
"CVE-2024-0132",
|
|
69227
69983
|
"CVE-2024-0769",
|
|
69228
69984
|
"CVE-2024-11182",
|
|
@@ -69789,6 +70545,8 @@
|
|
|
69789
70545
|
"CVE-2023-44467",
|
|
69790
70546
|
"CVE-2023-48022",
|
|
69791
70547
|
"CVE-2023-51449",
|
|
70548
|
+
"CVE-2023-6019",
|
|
70549
|
+
"CVE-2023-6021",
|
|
69792
70550
|
"CVE-2024-0132",
|
|
69793
70551
|
"CVE-2024-11392",
|
|
69794
70552
|
"CVE-2024-11393",
|
|
@@ -70755,6 +71513,8 @@
|
|
|
70755
71513
|
"CVE-2023-44467",
|
|
70756
71514
|
"CVE-2023-48022",
|
|
70757
71515
|
"CVE-2023-51449",
|
|
71516
|
+
"CVE-2023-6019",
|
|
71517
|
+
"CVE-2023-6021",
|
|
70758
71518
|
"CVE-2024-0132",
|
|
70759
71519
|
"CVE-2024-11392",
|
|
70760
71520
|
"CVE-2024-11393",
|
|
@@ -70885,6 +71645,8 @@
|
|
|
70885
71645
|
"CVE-2023-44467",
|
|
70886
71646
|
"CVE-2023-48022",
|
|
70887
71647
|
"CVE-2023-51449",
|
|
71648
|
+
"CVE-2023-6019",
|
|
71649
|
+
"CVE-2023-6021",
|
|
70888
71650
|
"CVE-2024-0132",
|
|
70889
71651
|
"CVE-2024-11392",
|
|
70890
71652
|
"CVE-2024-11393",
|
|
@@ -71085,6 +71847,8 @@
|
|
|
71085
71847
|
"CVE-2023-44467",
|
|
71086
71848
|
"CVE-2023-48022",
|
|
71087
71849
|
"CVE-2023-51449",
|
|
71850
|
+
"CVE-2023-6019",
|
|
71851
|
+
"CVE-2023-6021",
|
|
71088
71852
|
"CVE-2024-0132",
|
|
71089
71853
|
"CVE-2024-11392",
|
|
71090
71854
|
"CVE-2024-11393",
|
|
@@ -71535,6 +72299,8 @@
|
|
|
71535
72299
|
"CVE-2023-50224",
|
|
71536
72300
|
"CVE-2023-51449",
|
|
71537
72301
|
"CVE-2023-52163",
|
|
72302
|
+
"CVE-2023-6019",
|
|
72303
|
+
"CVE-2023-6021",
|
|
71538
72304
|
"CVE-2024-0769",
|
|
71539
72305
|
"CVE-2024-11182",
|
|
71540
72306
|
"CVE-2024-11392",
|
|
@@ -72007,6 +72773,8 @@
|
|
|
72007
72773
|
"CVE-2023-44467",
|
|
72008
72774
|
"CVE-2023-48022",
|
|
72009
72775
|
"CVE-2023-51449",
|
|
72776
|
+
"CVE-2023-6019",
|
|
72777
|
+
"CVE-2023-6021",
|
|
72010
72778
|
"CVE-2024-0132",
|
|
72011
72779
|
"CVE-2024-11392",
|
|
72012
72780
|
"CVE-2024-11393",
|
|
@@ -72330,6 +73098,8 @@
|
|
|
72330
73098
|
"CVE-2023-44467",
|
|
72331
73099
|
"CVE-2023-48022",
|
|
72332
73100
|
"CVE-2023-51449",
|
|
73101
|
+
"CVE-2023-6019",
|
|
73102
|
+
"CVE-2023-6021",
|
|
72333
73103
|
"CVE-2024-0132",
|
|
72334
73104
|
"CVE-2024-11392",
|
|
72335
73105
|
"CVE-2024-11393",
|