regscale-cli 6.22.0.0__py3-none-any.whl → 6.23.0.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of regscale-cli might be problematic. Click here for more details.
- regscale/_version.py +1 -1
- regscale/core/app/api.py +4 -1
- regscale/core/app/utils/app_utils.py +3 -3
- regscale/dev/code_gen.py +1 -1
- regscale/integrations/commercial/__init__.py +12 -0
- regscale/integrations/commercial/sarif/__init__.py +0 -0
- regscale/integrations/commercial/sarif/sairf_importer.py +432 -0
- regscale/integrations/commercial/sarif/sarif_converter.py +67 -0
- regscale/integrations/commercial/synqly/edr.py +2 -8
- regscale/integrations/public/csam/__init__.py +0 -0
- regscale/integrations/public/csam/csam.py +1129 -0
- regscale/models/integration_models/cisa_kev_data.json +63 -3
- regscale/models/integration_models/flat_file_importer/__init__.py +1 -2
- regscale/models/integration_models/synqly_models/capabilities.json +1 -1
- regscale/models/integration_models/synqly_models/connectors/vulnerabilities.py +1 -1
- regscale/models/integration_models/synqly_models/ocsf_mapper.py +2 -2
- regscale/models/regscale_models/issue.py +4 -1
- regscale/models/regscale_models/vulnerability.py +3 -3
- regscale/regscale.py +5 -3
- {regscale_cli-6.22.0.0.dist-info → regscale_cli-6.23.0.0.dist-info}/METADATA +9 -9
- {regscale_cli-6.22.0.0.dist-info → regscale_cli-6.23.0.0.dist-info}/RECORD +25 -20
- {regscale_cli-6.22.0.0.dist-info → regscale_cli-6.23.0.0.dist-info}/LICENSE +0 -0
- {regscale_cli-6.22.0.0.dist-info → regscale_cli-6.23.0.0.dist-info}/WHEEL +0 -0
- {regscale_cli-6.22.0.0.dist-info → regscale_cli-6.23.0.0.dist-info}/entry_points.txt +0 -0
- {regscale_cli-6.22.0.0.dist-info → regscale_cli-6.23.0.0.dist-info}/top_level.txt +0 -0
|
@@ -1,9 +1,69 @@
|
|
|
1
1
|
{
|
|
2
2
|
"title": "CISA Catalog of Known Exploited Vulnerabilities",
|
|
3
|
-
"catalogVersion": "2025.
|
|
4
|
-
"dateReleased": "2025-
|
|
5
|
-
"count":
|
|
3
|
+
"catalogVersion": "2025.09.03",
|
|
4
|
+
"dateReleased": "2025-09-03T17:00:44.122Z",
|
|
5
|
+
"count": 1410,
|
|
6
6
|
"vulnerabilities": [
|
|
7
|
+
{
|
|
8
|
+
"cveID": "CVE-2023-50224",
|
|
9
|
+
"vendorProject": "TP-Link",
|
|
10
|
+
"product": "TL-WR841N",
|
|
11
|
+
"vulnerabilityName": "TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability",
|
|
12
|
+
"dateAdded": "2025-09-03",
|
|
13
|
+
"shortDescription": "TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
|
|
14
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
15
|
+
"dueDate": "2025-09-24",
|
|
16
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
17
|
+
"notes": "https:\/\/www.tp-link.com\/us\/support\/faq\/4308\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-50224",
|
|
18
|
+
"cwes": [
|
|
19
|
+
"CWE-290"
|
|
20
|
+
]
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
"cveID": "CVE-2025-9377",
|
|
24
|
+
"vendorProject": "TP-Link",
|
|
25
|
+
"product": "Multiple Routers",
|
|
26
|
+
"vulnerabilityName": "TP-Link Archer C7(EU) and TL-WR841N\/ND(MS) OS Command Injection Vulnerability",
|
|
27
|
+
"dateAdded": "2025-09-03",
|
|
28
|
+
"shortDescription": "TP-Link Archer C7(EU) and TL-WR841N\/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
|
|
29
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
30
|
+
"dueDate": "2025-09-24",
|
|
31
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
32
|
+
"notes": "https:\/\/www.tp-link.com\/us\/support\/faq\/4308\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-9377",
|
|
33
|
+
"cwes": [
|
|
34
|
+
"CWE-78"
|
|
35
|
+
]
|
|
36
|
+
},
|
|
37
|
+
{
|
|
38
|
+
"cveID": "CVE-2020-24363",
|
|
39
|
+
"vendorProject": "TP-Link",
|
|
40
|
+
"product": "TL-WA855RE",
|
|
41
|
+
"vulnerabilityName": "TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability",
|
|
42
|
+
"dateAdded": "2025-09-02",
|
|
43
|
+
"shortDescription": "TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and\/or end-of-service (EoS). Users should discontinue product utilization.",
|
|
44
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
45
|
+
"dueDate": "2025-09-23",
|
|
46
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
47
|
+
"notes": "https:\/\/www.tp-link.com\/us\/home-networking\/range-extender\/tl-wa855re\/#overview ; https:\/\/www.tp-link.com\/us\/support\/download\/tl-wa855re\/#FAQs ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-24363",
|
|
48
|
+
"cwes": [
|
|
49
|
+
"CWE-306"
|
|
50
|
+
]
|
|
51
|
+
},
|
|
52
|
+
{
|
|
53
|
+
"cveID": "CVE-2025-55177",
|
|
54
|
+
"vendorProject": "Meta Platforms",
|
|
55
|
+
"product": "WhatsApp",
|
|
56
|
+
"vulnerabilityName": "Meta Platforms WhatsApp Incorrect Authorization Vulnerability",
|
|
57
|
+
"dateAdded": "2025-09-02",
|
|
58
|
+
"shortDescription": "Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device.",
|
|
59
|
+
"requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
|
|
60
|
+
"dueDate": "2025-09-23",
|
|
61
|
+
"knownRansomwareCampaignUse": "Unknown",
|
|
62
|
+
"notes": "https:\/\/www.whatsapp.com\/security\/advisories\/2025\/ ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-55177",
|
|
63
|
+
"cwes": [
|
|
64
|
+
"CWE-863"
|
|
65
|
+
]
|
|
66
|
+
},
|
|
7
67
|
{
|
|
8
68
|
"cveID": "CVE-2025-57819",
|
|
9
69
|
"vendorProject": "Sangoma",
|
|
@@ -32,10 +32,9 @@ from regscale.core.app.utils.app_utils import (
|
|
|
32
32
|
from regscale.core.app.utils.parser_utils import safe_datetime_str
|
|
33
33
|
from regscale.integrations.scanner_integration import ScannerIntegration
|
|
34
34
|
from regscale.models import IssueStatus, Metadata, regscale_models
|
|
35
|
-
from regscale.models.app_models.mapping import Mapping
|
|
36
35
|
from regscale.models.regscale_models import Asset, File, IssueSeverity, Vulnerability
|
|
37
36
|
|
|
38
|
-
logger = logging.getLogger(
|
|
37
|
+
logger = logging.getLogger("regscale")
|
|
39
38
|
|
|
40
39
|
DT_FORMAT = "%Y-%m-%d"
|
|
41
40
|
|