The XML file is a proprietary format of ToolsWatch.org. [!] [info]: This method will export the CVE as vFeed XML format
example documents that demonstrate how the associated CVE names are
http://www.toolswatch.org/vfeed-the-open-source-correlated-cross-linked-vulnerability-xml-database/
[cve_published]: 2015-01-13T10:59:48.210-05:00
The 'status' attribute may have a value of 'draft' or 'verified', indicating how far along the investigation of the flaw has progressed.
--- Snip ---. USA | Healthcare.gov
The version of the upstream project that fixes the flaw. and resources that you have listed under "CVE" in your index. identify individual security elements, the capability allows the
Database
Fear Act Policy, Disclaimer
identifies security elements (recommended): Give detailed examples and explanations of how a "find" or "search"
CVEID: CVE-2020-4195 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details. If your company has an existing Red Hat account, your organization administrator can grant you access. through get_cwe method as depicted below:
capability by looking for their associated CVE name or through an
published="2015-01-13T10:59:48.210-05:00"/>
Please let us know.
a list, by examining a coverage map, or by some other
NIST does
get_oval | get_nmap | get_nessus | get_openvas
NJ OUCHN @toolswatch
Current Description .
and date the following statement about your tools efficiency in identification
| FOIA |
mapping that links each element with its associated CVE name(s),
of security elements (required): "As an authorized representative of my organization and to
If you have any questions, please contact customer service. [progress 1 %] receiving 483328 out of 43325357 Bytes of vfeed.db.tgz. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). GUI provides a "find" or "search" function for the
https://github.com/toolswatch/vFeed. [info] Available vFeed methods:
----------
FOR TOOLS ONLY - Have an authorized individual sign
.
associated CVE names for the individual security elements in the
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.".
If you are a new customer, register now for access to product evaluations and purchasing capabilities. [-] CVE-2008-0745 | CVSS Base :7.5
Describe how and where your capability indicates
Contains product name and CPE, and Erratum link, type, and release date.
[cve_published]:
may have information that would be of interest to you. https://github.com/toolswatch/vFeed/wiki/3-vFeed-methods. [+] Querying information for CVE-2014-0160 ...
1 Exploit DB sploits Found
Here is an excerpt of CVE-2014-10038 correlated with available public information,
No
CVE Identifier to your Capability (required): Describe the mechanism used for reviewing CVE for content changes (required): Describe the source of your CVE content (required): Provide a copy, or directions to its location,
The parameter supports Perl compatible regular expressions. If one of the capability’s standard electronic documents
CVE name(s) (required): Briefly describe how the associated CVE names are
Command ('SQL Injection')" url="https://cwe.mitre.org/data/definitions/89"/>
CVE-2015-0232
#python vfeedcli.py get_latest
Alternately, provide directions to where these "CVE" items are posted
Describe how and where you explain to your customers the timeframe they
Give detailed examples and explanations of how,
Give detailed examples and explanations of how a
the facts presented on these sites.
Useful when performing
[cve_modified]: 2015-01-14T15:11:21.137-05:00.
Contains product name and CPE, package (src.rpm) name, and fix state, which is one of ['Affected','Fix deferred','New','Not affected','Will not fix']. Give detailed examples and explanations of how a user can obtain a
name (required): [cve_description]: SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.toolswatch.org/vfeed/
[usage 3]: python ./vfeedcli.py search |
online mapping that links each element of the capability with its
The XML file is a proprietary format of ToolsWatch.org. [!] [info]: This method will export the CVE as vFeed XML format
example documents that demonstrate how the associated CVE names are
http://www.toolswatch.org/vfeed-the-open-source-correlated-cross-linked-vulnerability-xml-database/
[cve_published]: 2015-01-13T10:59:48.210-05:00
The 'status' attribute may have a value of 'draft' or 'verified', indicating how far along the investigation of the flaw has progressed.
--- Snip ---. USA | Healthcare.gov
The version of the upstream project that fixes the flaw. and resources that you have listed under "CVE" in your index. identify individual security elements, the capability allows the
Database
Fear Act Policy, Disclaimer
identifies security elements (recommended): Give detailed examples and explanations of how a "find" or "search"
CVEID: CVE-2020-4195 DESCRIPTION: IBM API Connect could allow a remote attacker to hijack the clicking action of the victim. Vulnerability Details. If your company has an existing Red Hat account, your organization administrator can grant you access. through get_cwe method as depicted below:
capability by looking for their associated CVE name or through an
published="2015-01-13T10:59:48.210-05:00"/>
Please let us know.
a list, by examining a coverage map, or by some other
NIST does
get_oval | get_nmap | get_nessus | get_openvas
NJ OUCHN @toolswatch
Current Description .
and date the following statement about your tools efficiency in identification
| FOIA |
mapping that links each element with its associated CVE name(s),
of security elements (required): "As an authorized representative of my organization and to
If you have any questions, please contact customer service. [progress 1 %] receiving 483328 out of 43325357 Bytes of vfeed.db.tgz. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). GUI provides a "find" or "search" function for the
https://github.com/toolswatch/vFeed. [info] Available vFeed methods:
----------
FOR TOOLS ONLY - Have an authorized individual sign
.
associated CVE names for the individual security elements in the
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.".
If you are a new customer, register now for access to product evaluations and purchasing capabilities. [-] CVE-2008-0745 | CVSS Base :7.5
Describe how and where your capability indicates
Contains product name and CPE, and Erratum link, type, and release date.
[cve_published]:
may have information that would be of interest to you. https://github.com/toolswatch/vFeed/wiki/3-vFeed-methods. [+] Querying information for CVE-2014-0160 ...
1 Exploit DB sploits Found
Here is an excerpt of CVE-2014-10038 correlated with available public information,
No
CVE Identifier to your Capability (required): Describe the mechanism used for reviewing CVE for content changes (required): Describe the source of your CVE content (required): Provide a copy, or directions to its location,
The parameter supports Perl compatible regular expressions. If one of the capability’s standard electronic documents
CVE name(s) (required): Briefly describe how the associated CVE names are
Command ('SQL Injection')" url="https://cwe.mitre.org/data/definitions/89"/>
CVE-2015-0232
#python vfeedcli.py get_latest
Alternately, provide directions to where these "CVE" items are posted
Describe how and where you explain to your customers the timeframe they
Give detailed examples and explanations of how,
Give detailed examples and explanations of how a
the facts presented on these sites.
Useful when performing
[cve_modified]: 2015-01-14T15:11:21.137-05:00.
Contains product name and CPE, package (src.rpm) name, and fix state, which is one of ['Affected','Fix deferred','New','Not affected','Will not fix']. Give detailed examples and explanations of how a user can obtain a
name (required): [cve_description]: SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.toolswatch.org/vfeed/
[usage 3]: python ./vfeedcli.py search |
online mapping that links each element of the capability with its
the best of my knowledge, normally when our capability reports a specific
your capability’s repository (required): As described in section CR_4.2, vFeed uses different python APIs such as get_cve or search to display CVE information. It returns useful
[info]: This method searches for CVE or CPE.
Have an authorized individual sign and date the
CVEs which affect the product.
0.83 and earlier allows remote attackers to execute arbitrary SQL
link="http://www.exploit-db.com/exploits/30872" type="Exploitation"
Assessment ==> get_oval | get_nmap | get_nessus | get_openvas
NJ OUCHN @toolswatch
Current Description .
and date the following statement about your tools efficiency in identification
| FOIA |
mapping that links each element with its associated CVE name(s),
of security elements (required): "As an authorized representative of my organization and to
If you have any questions, please contact customer service. [progress 1 %] receiving 483328 out of 43325357 Bytes of vfeed.db.tgz. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). GUI provides a "find" or "search" function for the
https://github.com/toolswatch/vFeed. [info] Available vFeed methods:
----------
FOR TOOLS ONLY - Have an authorized individual sign
.
associated CVE names for the individual security elements in the
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.".
If you are a new customer, register now for access to product evaluations and purchasing capabilities. [-] CVE-2008-0745 | CVSS Base :7.5
Describe how and where your capability indicates
Contains product name and CPE, and Erratum link, type, and release date.
[cve_published]:
may have information that would be of interest to you. https://github.com/toolswatch/vFeed/wiki/3-vFeed-methods. [+] Querying information for CVE-2014-0160 ...
1 Exploit DB sploits Found
Here is an excerpt of CVE-2014-10038 correlated with available public information,
No
CVE Identifier to your Capability (required): Describe the mechanism used for reviewing CVE for content changes (required): Describe the source of your CVE content (required): Provide a copy, or directions to its location,
The parameter supports Perl compatible regular expressions. If one of the capability’s standard electronic documents
CVE name(s) (required): Briefly describe how the associated CVE names are
Command ('SQL Injection')" url="https://cwe.mitre.org/data/definitions/89"/>
CVE-2015-0232
#python vfeedcli.py get_latest
Alternately, provide directions to where these "CVE" items are posted
Describe how and where you explain to your customers the timeframe they
Give detailed examples and explanations of how,
Give detailed examples and explanations of how a
the facts presented on these sites.
Useful when performing
[cve_modified]: 2015-01-14T15:11:21.137-05:00.
Contains product name and CPE, package (src.rpm) name, and fix state, which is one of ['Affected','Fix deferred','New','Not affected','Will not fix']. Give detailed examples and explanations of how a user can obtain a
name (required): [cve_description]: SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.toolswatch.org/vfeed/
[usage 3]: python ./vfeedcli.py search |
online mapping that links each element of the capability with its
