Hello everyone! This episode will be about Microsoft Patch Tuesday for May 2023, including vulnerabilities that were added between April and May Patch Tuesdays.
As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews.
It’s been a long time since we’ve had such tiny Patch Tuesday. 57 CVEs, including CVEs appeared during the month. And only 38 without them! 😄
Hello everyone! This episode will be about Microsoft Patch Tuesday for April 2023, including vulnerabilities that were added between March and April Patch Tuesdays.
As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. And this is the first Patch Tuesday report since I added EPSS support to Vulristics. 😉
Compared to March, Microsoft Patch Tuesday for April 2023 is kind of weak. 🙄
Hello everyone! This episode will be about Microsoft Patch Tuesday for March 2023, including vulnerabilities that were added between February and March Patch Tuesdays.
As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews.
Microsoft Patch Tuesday for March 2023 was quite refreshing. 😈
Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays.
This month I decided to change the format a bit. Now I share my impression of Microsoft Patch Tuesday on the same Patch Tuesday day in my main telegram channel avleonovcom and my second russian telegram channel avleonovrus. You can also find a draft of the Vulristics report there. So please subscribe. And the full blog post/video is published with a delay. And, in fact, this is it.
As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews.
Hello everyone! This episode will be about Microsoft Patch Tuesday for January 2023, including vulnerabilities that were added between December and January Patch Tuesdays.
As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Nessus, Rapid7 and ZDI Patch Tuesday reviews.
Hello everyone! As we saw in the last episode, the results of vulnerability detection for one host produced by two different APIs can vary greatly. Therefore, in order to find out the truth, it is necessary to understand what vulnerability data is provided by the Linux distribution vendor and how this data is structured.
Why is it important to do this? Because using data from a Linux distribution vendor, we can ask vulnerability detection API vendors questions: why are you detecting in a different way than described in this data? And then we will understand what caused the difference. And we will either adjust the API for vulnerability detection, or we will adjust the content of the Linux distribution vendor. Either way, it will be a success! In any case, the transparency of the vulnerability detection process will increase.
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. I just had to do the final test. Many thanks to them for this!
How can the support of these two APIs in Scanvus be useful?
Now there is no binding to one vendor. Choose which service and price you prefer.
The set of supported operating systems varies between Vulners.com and Vulns.io. If a particular Linux distribution is not supported by one vendor, it may be supported by another vendor.
Vulners and Vulns.io implemented vulnerability checks independently of each other. If the results differ when scanning the same host/image, then implementation errors will be clearly visible.
Scanvus is released under the MIT license, so you can use it as an example of working with the Vulners.com and Vulns.io APIs and use this code in your projects.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.