Monday, February 5, 2018

Vulnerability Database Update

An updated VulnerabilityDB is available at GitHub.

CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754 dominated the news in January. A quick check on these vulnerabilities in the latest database shows a CVSS score of 4.7. This score is not high relative to other vulnerabilities discovered in the same month.

These are Meltdown and Spectre. They caught attention because they were reported in the mainstream media. As security practitioners, we should not depend on mainstream media for threat intel.

select * from pa_vulnerability_cve 
where cve_id in ('CVE-2017-5753', 'CVE-2017-5715', 'CVE-2017-5754')
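
To check the "not high relative to the same month" claim rather than eyeball it, the query can count how many entries from that month score higher. This is an added example, not part of the original post or the VulnerabilityDB project: the `cvss_score` and `published_month` columns are assumed names, and the `CVE-0000-*` rows are constructed placeholders run against an in-memory SQLite table.

```python
import sqlite3

# Constructed sample rows. Only the table name, cve_id, the three real CVE ids
# and the 4.7 score come from the post; cvss_score / published_month are
# assumed column names and the CVE-0000-* rows are placeholders.
ROWS = [
    ("CVE-2017-5753", 4.7, "2018-01"),
    ("CVE-2017-5715", 4.7, "2018-01"),
    ("CVE-2017-5754", 4.7, "2018-01"),
    ("CVE-0000-0001", 9.8, "2018-01"),
    ("CVE-0000-0002", 7.5, "2018-01"),
    ("CVE-0000-0003", 7.2, "2018-01"),
    ("CVE-0000-0004", 4.3, "2018-01"),
    ("CVE-0000-0005", 10.0, "2018-02"),  # different month, must be ignored
]

WATCHLIST = ("CVE-2017-5753", "CVE-2017-5715", "CVE-2017-5754")


def build_demo_db():
    """Create an in-memory table shaped like the assumed schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table pa_vulnerability_cve "
                 "(cve_id text primary key, cvss_score real, published_month text)")
    conn.executemany("insert into pa_vulnerability_cve values (?, ?, ?)", ROWS)
    return conn


def rank_in_month(conn, month, cve_ids):
    """For each watched CVE return (cve_id, score, higher, total): how many
    entries published in `month` score strictly higher, and the month total."""
    marks = ",".join("?" for _ in cve_ids)  # bound parameters, no string-built values
    sql = f"""
        select w.cve_id, w.cvss_score,
               (select count(*) from pa_vulnerability_cve o
                 where o.published_month = ?
                   and o.cvss_score > w.cvss_score) as higher,
               (select count(*) from pa_vulnerability_cve o
                 where o.published_month = ?) as total
          from pa_vulnerability_cve w
         where w.cve_id in ({marks})
         order by w.cve_id
    """
    return conn.execute(sql, (month, month, *cve_ids)).fetchall()


if __name__ == "__main__":
    for cve_id, score, higher, total in rank_in_month(build_demo_db(), "2018-01", WATCHLIST):
        print(f"{cve_id}: CVSS {score}, {higher} of {total} entries that month score higher")
```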


Saturday, October 21, 2017

Polaris VulnerabilityDB Update

An updated VulnerabilityDB is available at GitHub. This update includes the recent Oracle critical patch update advisory. Oracle announced several vulnerabilities in Java; the following SQL extracts details of these vulnerabilities from the database.

select c.doc_type, c.doc_init_rel_date, vp.vul_status, 
          p.prod_name, vul_cve 
     from pa_cvrf_doc c, pa_cvrf_vul v, pa_cvrf_vul_product vp, 
          pa_cvrf_product p 
     where c.cvrf_id=v.cvrf_id 
     and v.vul_id=vp.vul_id 
     and vp.prod_id=p.prod_id 
     and prod_name like '%Java%'
     and c.cvrf_id=3357

The output can be formatted for reporting as follows: