gt;> anyway)
>>
>> And then you keep an ear out for critical things that haven't made it to
>> the
>> updates yet anyway.
>>
>> David Lang
>>
>> On Tue, 18 Aug 2015, Paul DiSciascio wrote:
>>
>> > Date: Tue, 18 Aug 2015 07:38:57
Date: Tue, 18 Aug 2015 07:38:57 -0400
> > From: Paul DiSciascio
> > To: tech@lists.lopsa.org
> > Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities
> from the
> > NVD at NIST
> >
> > On a related note, I'd be curious to know how y
8 Aug 2015, Paul DiSciascio wrote:
Date: Tue, 18 Aug 2015 07:38:57 -0400
From: Paul DiSciascio
To: tech@lists.lopsa.org
Subject: Re: [lopsa-tech] getting a list of critical vulnerabilities from the
NVD at NIST
On a related note, I'd be curious to know how you plan to map what's in
t
Once I saw how many critical vulnerabilities there were, I told my client
fuggetaboutit, there's too much to track, instead let's work out how to
keep your systems up to date on OS vendor patches.
On Tue, Aug 18, 2015 at 4:38 AM, Paul DiSciascio
wrote:
> On a related note, I'd be curious to know
If you’re interested in using PowerShell you could do the following:
$vulninfo = Invoke-WebRequest -Uri
"http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-recent.xml";
$entry = $vulninfo.nvd.entry
$temphostobject = @()
$vulnhostobject = @()
#loop through each entry node
ForEach
On a related note, I'd be curious to know how you plan to map what's in
this database to package versions on the systems you're auditing. I
tried to tackle this years ago and determined that there would be too
much manual effort to keep that sort of mapping up to date.
For example, some vulnerabi
Thanks for your kind replies. Once I got home and put the kidlet to bed
and my life became nice and quiet and calm, I actually had no trouble
getting 2cvs to work:
2csv entry vuln:cve-id vuln:cvss/cvss:base_metrics/cvss:score
vuln:summary < nvdcve-2.0-2015.flat > nvdcve-2.0-2015.csv
Thanks
On Mon, 17 Aug 2015, Aleksey Tsalolikhin wrote:
Hello,
I want to get a list of Critical (CVSS > 7) CVE's for a security
vulnerability assessment for a client.
Scored CVEs are available from https://nvd.nist.gov/download.cfm through a
set of XML feeds. The nice NIST web site says:
A common wa
