vuls

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

GPL-3.0 License

Stars
10.7K
Committers
134


vuls - v0.19.3

Published by MaineK00n over 2 years ago

What's new in v0.19.3

TL;DR

How it works

Vulnerable Fedora Environment Setup

Deliberately downgrade the mysql package so that FEDORA-MODULAR-2021-217f84c072 is detected.

  • Dockerfile
FROM fedora:35

RUN dnf -y install openssh-server glibc-langpack-en
RUN mkdir /var/run/sshd

RUN sed -i 's/#\?PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
RUN sed -i 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' /etc/pam.d/sshd

ENV NOTVISIBLE "in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

COPY .ssh/id_rsa.pub /root/authorized_keys
RUN mkdir ~/.ssh && \
    mv ~/authorized_keys ~/.ssh/authorized_keys && \
    chmod 0600 ~/.ssh/authorized_keys

RUN ssh-keygen -A
RUN rm -rf /run/nologin

EXPOSE 22

# Vuls Setting
RUN dnf -y install dnf-utils which lsof iproute

# FEDORA-MODULAR-2021-217f84c072
RUN dnf module install -y mysql && dnf downgrade -y mysql

CMD ["/usr/sbin/sshd", "-D"]

Check the community-mysql package version

$ docker build -t vuls-target -f Dockerfile .
$ docker run --rm -itd -p 2222:22 vuls-target
$ ssh -i ~/.ssh/id_rsa -p 2222 [email protected]
[root@615d6b9247ec /]# cat /etc/fedora-release 
Fedora release 35 (Thirty Five)
[root@615d6b9247ec /]# rpm -qa | grep community-mysql
community-mysql-common-8.0.26-1.module_f35+12627+b26747dd.x86_64
community-mysql-8.0.26-1.module_f35+12627+b26747dd.x86_64
community-mysql-errmsg-8.0.26-1.module_f35+12627+b26747dd.x86_64
community-mysql-server-8.0.26-1.module_f35+12627+b26747dd.x86_64

Vulnerability Detection (dnf updateinfo --security vs vuls report)

dnf updateinfo --security

The mysql package we just installed is a modular package, so an advisory whose ID starts with FEDORA-MODULAR- should be presented.
However, the advisory that dnf actually reports relates to the non-modular package of the same name.

[root@615d6b9247ec /]# dnf updateinfo --security --info
Last metadata expiration check: 0:02:24 ago on Thu Feb  3 04:47:52 2022.
===============================================================================
  community-mysql-8.0.27-1.fc35
===============================================================================
  Update ID: FEDORA-2021-46dc82116b
       Type: security
    Updated: 2021-11-10 02:52:52
       Bugs: 2015421 - community-mysql-8.0.27 is available
           : 2016141 - CVE-2021-2478 CVE-2021-2479 CVE-2021-2481 CVE-2021-35546 CVE-2021-35575 CVE-2021-35577 CVE-2021-35591 CVE-2021-35596 CVE-2021-35597 CVE-2021-35602 CVE-2021-35604 CVE-2021-35607 CVE-2021-35608 CVE-2021-35610 ... community-mysql: various flaws [fedora-all]
Description: **MySQL 8.0.27**
           : 
           : Release notes:
           : 
           :     https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html
   Severity: Moderate

vuls

vuls report

FixedIn is displayed correctly as module to module!

$ vuls report --format-full-text
...
+----------------+----------------------------------------------------------------------------------+
| CVE-2021-35610 | FIXED                                                                            |
+----------------+----------------------------------------------------------------------------------+
| Max Score      | 7.1 MODERATE (redhat_api)                                                        |
| redhat_api     | 7.1/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H MODERATE                        |
| nvd            | 7.1/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H HIGH                            |
| jvn            | 7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H HIGH                            |
| Vendor         | 4.0-6.9 MODERATE                                                                 |
| nvd            | 5.5/AV:N/AC:L/Au:S/C:N/I:P/A:P MEDIUM                                            |
| jvn            | 5.5/AV:N/AC:L/Au:S/C:N/I:P/A:P MEDIUM                                            |
| Summary        | **MySQL 8.0.27**  Release notes:                                                 |
|                | https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-27.html                 |
| Primary Src    | https://www.oracle.com/security-alerts/cpuoct2021.html                           |
| Primary Src    | https://nvd.nist.gov/vuln/detail/CVE-2021-35610                                  |
| Primary Src    | https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2021-217f84c072           |
| Patch          | https://www.oracle.com/security-alerts/cpuoct2021.html                           |
| Affected Pkg   | community-mysql-8.0.26-1.module_f35+12627+b26747dd                               |
|                | -> 8.0.27-1.module_f35+13269+c9322734 (FixedIn:                                  |
|                | 0:8.0.27-1.module_f35+13269+c9322734) (updates-modular)                          |
| Affected Pkg   | community-mysql-common-8.0.26-1.module_f35+12627+b26747dd                        |
|                | -> 8.0.27-1.module_f35+13269+c9322734 (FixedIn:                                  |
|                | 0:8.0.27-1.module_f35+13269+c9322734) (updates-modular)                          |
| Affected Pkg   | community-mysql-errmsg-8.0.26-1.module_f35+12627+b26747dd                        |
|                | -> 8.0.27-1.module_f35+13269+c9322734 (FixedIn:                                  |
|                | 0:8.0.27-1.module_f35+13269+c9322734) (updates-modular)                          |
| Affected Pkg   | community-mysql-server-8.0.26-1.module_f35+12627+b26747dd                        |
|                | -> 8.0.27-1.module_f35+13269+c9322734 (FixedIn:                                  |
|                | 0:8.0.27-1.module_f35+13269+c9322734) (updates-modular)                          |
| Confidence     | 100 / OvalMatch                                                                  |
| CWE            | NVD-CWE-noinfo:  (nvd)                                                           |
| CWE            | https://cwe.mitre.org/data/definitions/NVD-CWE-noinfo.html                       |
+----------------+----------------------------------------------------------------------------------+
...

vuls tui

Looking at the TUI, we have succeeded in getting the advisory we really want: FEDORA-MODULAR-2021-217f84c072!
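
The module-to-module matching shown above can be sketched as follows. This is an added example, not code from vuls: the Advisory type and the helper names are hypothetical, the advisory IDs and builds are the ones shown on this page, and version comparison is simplified to the numeric upstream version rather than a full rpmvercmp.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Advisory is a simplified advisory record for this example (not vuls' data model).
type Advisory struct {
	ID      string // e.g. FEDORA-MODULAR-2021-217f84c072
	Package string
	FixedIn string // version-release of the fixed build
}

// isModular reports whether a version-release string comes from a modular
// build; Fedora modular RPMs carry ".module_" in the release field.
func isModular(verRel string) bool {
	return strings.Contains(verRel, ".module_")
}

// upstreamLess compares only the dotted upstream version (the part before
// the first "-"). Assumption: purely numeric components; this is not a
// full rpmvercmp implementation.
func upstreamLess(a, b string) bool {
	as := strings.Split(strings.SplitN(a, "-", 2)[0], ".")
	bs := strings.Split(strings.SplitN(b, "-", 2)[0], ".")
	for i := 0; i < len(as) && i < len(bs); i++ {
		x, _ := strconv.Atoi(as[i])
		y, _ := strconv.Atoi(bs[i])
		if x != y {
			return x < y
		}
	}
	return len(as) < len(bs)
}

// applicable returns the IDs of advisories that apply to the installed build:
// same package name, same modularity, and a fixed version newer than installed.
func applicable(pkg, installed string, advs []Advisory) []string {
	var ids []string
	for _, a := range advs {
		if a.Package != pkg {
			continue
		}
		if isModular(a.FixedIn) != isModular(installed) {
			continue // advisory is for the other build flavour of the same name
		}
		if upstreamLess(installed, a.FixedIn) {
			ids = append(ids, a.ID)
		}
	}
	return ids
}

// sampleAdvisories holds the two advisories and fixed builds shown on this page.
func sampleAdvisories() []Advisory {
	return []Advisory{
		{"FEDORA-2021-46dc82116b", "community-mysql", "8.0.27-1.fc35"},
		{"FEDORA-MODULAR-2021-217f84c072", "community-mysql", "8.0.27-1.module_f35+13269+c9322734"},
	}
}

func main() {
	installed := "8.0.26-1.module_f35+12627+b26747dd" // from the rpm -qa output above
	fmt.Println(applicable("community-mysql", installed, sampleAdvisories()))
}
```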



What's Changed

New Contributors

Full Changelog: https://github.com/future-architect/vuls/compare/v0.19.2...v0.19.3

vuls - v0.19.2

Published by github-actions[bot] almost 3 years ago

Updated Trivy dependencies.

pom.xml Support

pom (pseudo)
============
Total: 4 (Critical:2 High:1 Medium:1 Low:0 ?:0)
4/4 Fixed, 1 poc, 0 exploits, cisa: 1, uscert: 0, jpcert: 0 alerts
0 installed, 2 libs

+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
| CVE-2021-44228 | 10.0 |  AV:N  | POC |      CISA |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-44228 |
| CVE-2021-45046 | 10.0 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-45046 |
| CVE-2021-45105 |  7.5 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-45105 |
| CVE-2021-44832 |  6.9 |        |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-44832 |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+

Go binary Support

gobinary (pseudo)
=================
Total: 2 (Critical:0 High:1 Medium:0 Low:0 ?:1)
2/2 Fixed, 0 poc, 0 exploits, cisa: 0, uscert: 0, jpcert: 0 alerts
0 installed, 1 libs

+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
|     CVE-ID     | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                       NVD                       |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+
| CVE-2020-14040 |  8.9 |  AV:N  |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14040 |
| CVE-2021-38561 |  0.0 |        |     |           |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2021-38561 |
+----------------+------+--------+-----+-----------+---------+-------------------------------------------------+

What's Changed

New Contributors

Full Changelog: https://github.com/future-architect/vuls/compare/v0.19.1...v0.19.2

vuls - v0.19.1

Published by github-actions[bot] almost 3 years ago

Vuls v0.19.1 should be used with go-kev v0.1.0.
The schema of go-kev v0.1.0 has changed, so you will need to recreate the database.
For details, see https://github.com/vulsio/go-kev/releases/tag/v0.1.0

Changelog

  • a3f7d1d feat(go-kev): update go-kev deps (#1352)
  • bb4a1ca GPLv3 (#1351)
  • 57cce64 Create SECURITY.md
  • 1eb5d36 fix configtest stalled with scanMode=fast-root (#1339)
  • 6bc4850 fix(detector/ospkg): Skip OVAL/gost search when the number of packages is 0 (#1343)
  • 24005ae chore(GHActions): replace with dependabot (#1348)
  • 7aa296b fix(oval): fix RDB query (#1347)
  • 3829ed2 Fix the parsing logic of FreeBSD pkg-audit (#1334)
  • 2b7294a feat(amazon): support amazon linux 2022 (#1338)

vuls - v0.19.0

Published by github-actions[bot] almost 3 years ago

What's new in v0.19.0

TL;DR

  • The Cybersecurity & Infrastructure Security Agency (CISA) has released the Known Exploited Vulnerabilities (KEV) Catalog, a list of CVE-IDs whose attack code is publicly available and is actually used in real-world attacks.
  • vulsio/go-kev now manages KEV Catalog information.
  • Vuls v0.19.0 works with vulsio/go-kev to display alerts for CVE-IDs in the KEV Catalog.

How it works

vuls report

$ vuls report
...
vuls-target (debian10.11)
=========================
Total: 225 (Critical:20 High:79 Medium:95 Low:16 ?:15)
0/222 Fixed, 67 poc, 0 exploits, cisa: 2, uscert: 4, jpcert: 6 alerts
218 installed

+---------------------+------+--------+-----+-----------+---------+---------------------------------------------------+
|       CVE-ID        | CVSS | ATTACK | POC |   ALERT   |  FIXED  |                        NVD                        |
+---------------------+------+--------+-----+-----------+---------+---------------------------------------------------+
...
| CVE-2021-42013      |  9.8 |  AV:N  | POC | CISA/CERT |         | https://nvd.nist.gov/vuln/detail/CVE-2021-42013   |
...
| CVE-2021-41524      |  7.5 |  AV:N  |     |      CERT |         | https://nvd.nist.gov/vuln/detail/CVE-2021-41524   |
| CVE-2021-41773      |  7.5 |  AV:N  | POC | CISA/CERT |         | https://nvd.nist.gov/vuln/detail/CVE-2021-41773   |
| CVE-2008-4609       |  7.1 |  AV:N  |     |      CERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-4609    |
...

vuls tui


What is the Known Exploited Vulnerabilities Catalog?

On November 3, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) released Binding Operational Directive 22-1 (BOD 22-1) for government agencies.

BOD 22-1 published the Known Exploited Vulnerabilities (KEV) Catalog, which is "a list of CVE-IDs whose attack code is available and is actually used in real-world attacks".

BOD 22-1 requires that a vulnerability listed in the KEV Catalog that exists in a U.S. government system be fixed within a specified period of time and by a specified method.

Currently, CVEs are scored under the Common Vulnerability Scoring System (CVSS). CVSS does not take into consideration whether a vulnerability has ever been used to exploit a system in the wild. The CVEs listed in the KEV Catalog are a collection of real threats that have been used to compromise systems in the real world.
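
To make the difference between CVSS ordering and KEV-aware ordering concrete, the following added example (not part of vuls) parses rows in the list format of the vuls report output above and ranks findings with a CISA alert first, then by CVSS. The Finding type and function names are hypothetical, and it assumes that "CISA" in the ALERT column marks KEV Catalog membership.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// sampleReport holds the four CVE rows from the vuls report output on this page.
const sampleReport = `
| CVE-2021-42013      |  9.8 |  AV:N  | POC | CISA/CERT |         | https://nvd.nist.gov/vuln/detail/CVE-2021-42013   |
| CVE-2021-41524      |  7.5 |  AV:N  |     |      CERT |         | https://nvd.nist.gov/vuln/detail/CVE-2021-41524   |
| CVE-2021-41773      |  7.5 |  AV:N  | POC | CISA/CERT |         | https://nvd.nist.gov/vuln/detail/CVE-2021-41773   |
| CVE-2008-4609       |  7.1 |  AV:N  |     |      CERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-4609    |
`

// Finding is one parsed report row (hypothetical type for this example).
type Finding struct {
	CVE   string
	CVSS  float64
	InKEV bool // true when the ALERT column contains "CISA"
}

// parseRows extracts findings from the report table; header, border and
// "..." lines are skipped because they lack a numeric CVSS column.
func parseRows(report string) []Finding {
	var out []Finding
	for _, line := range strings.Split(report, "\n") {
		cols := strings.Split(line, "|")
		if len(cols) < 7 || !strings.HasPrefix(strings.TrimSpace(cols[1]), "CVE-") {
			continue
		}
		score, err := strconv.ParseFloat(strings.TrimSpace(cols[2]), 64)
		if err != nil {
			continue
		}
		f := Finding{CVE: strings.TrimSpace(cols[1]), CVSS: score}
		for _, src := range strings.Split(strings.TrimSpace(cols[5]), "/") {
			if src == "CISA" {
				f.InKEV = true
			}
		}
		out = append(out, f)
	}
	return out
}

// triage orders findings for remediation: KEV entries first, then by CVSS
// score descending. The sort is stable, so ties keep report order.
func triage(fs []Finding) []string {
	sorted := append([]Finding(nil), fs...)
	sort.SliceStable(sorted, func(i, j int) bool {
		if sorted[i].InKEV != sorted[j].InKEV {
			return sorted[i].InKEV
		}
		return sorted[i].CVSS > sorted[j].CVSS
	})
	ids := make([]string, len(sorted))
	for i, f := range sorted {
		ids[i] = f.CVE
	}
	return ids
}

func main() {
	fmt.Println(triage(parseRows(sampleReport)))
}
```

With CVSS alone, CVE-2021-41524 and CVE-2021-41773 tie at 7.5; the KEV flag is what moves CVE-2021-41773 ahead.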

Reference

Changelog

0c6a892 style: fix lint (#1335)
89d94ad feat(detector): add known exploited vulnerabilities (#1331)
ffdb789 update dictionaries (#1326)
321dae3 chore: update readme
a31797a Merge branch 'sakura'
32999cf chore: udpate readme
88218f5 chore: update sponsor (#1325)
1576193 chore: update sponsor
0b62842 chore: fix go-sqlite3 deps (#1324)
6bcedde chore: update goval-dictionary (#1323)
2dcbff8 chore: sponsor (#1321)

vuls - v0.18.1

Published by github-actions[bot] about 3 years ago

Changelog

8659668 fix(cpescan): bug in NvdVendorProductMatch (#1320)
e07b6a9 feat(report): show Amazon ALAS link to report (#1318)
aac5ef1 feat: update-trivy (#1316)
d780a73 add log json option (#1317)
9ef8cee refactor(exploitdb): use pipeline effectively (#1314)
77808a2 feat(go-cve): add error handling (#1313)
177e553 feat(go-exploitdb): add error handling (#1310)
40f8272 feat(go-msfdb): add error handling and support http mode (#1308)
a7eb114 feat(gost): add error handling (#1311)
c73ed7f chore: update find-lock file type (#1309)

vuls - v0.18.0

Published by github-actions[bot] about 3 years ago

The schema of the DB and Redis has been changed.
Please update each dictionary, delete the old DB, and then fetch it again.

NOTE
In this Release, we are changing the architecture of Redis.

# Delete all old keys
$ redis-cli keys "CVE#*" | xargs redis-cli del
$ redis-cli keys "EXPLOIT#*" | xargs redis-cli del
$ redis-cli keys "METASPLOIT#*" | xargs redis-cli del
$ redis-cli keys "OVAL#*" | xargs redis-cli del

We recommend vulsctl/docker, which will automatically upgrade vuls and the dictionary binaries every time you run it.
https://github.com/vulsio/vulsctl/tree/master/docker

Changelog

f047a6f breaking-change: Update vuls-dictionaries (#1307)

vuls - v0.17.1

Published by github-actions[bot] about 3 years ago

These repositories have been moved under vulsio as follows.

  • kotakanbe/goval-dictionary => vulsio/goval-dictionary
  • kotakanbe/go-cve-dictionary => vulsio/go-cve-dictionary
  • knqyf263/gost => vulsio/gost
  • takuzoo3868/go-msfdb => vulsio/go-msfdb

Documentation has been updated.
https://github.com/vulsdoc/vuls/pull/169/files

Changelog

7f15a86 chore: change repository owner (#1306)

vuls - v0.17.0

Published by github-actions[bot] about 3 years ago

Changelog

da1e515 breaking-change(goval): change-redis-architecture (#1305)

vuls - v0.16.0

Published by github-actions[bot] about 3 years ago

Please use this release with the latest version of dictionaries such as goval-dictionary, etc.
Detection does not work correctly with old dictionaries.
Since the DB schema has been changed, you have to delete the DB and fetch it again.

Changelog

591786f feat(oval): support new goval-dictionary model (#1280)
47e6ea2 chore: fix lint warning (#1301)
4a72295 feat(saas): support for library-only scanning (#1300)
9ed5f2c feat(debian): support Debian 11(bullseye) (#1298)

vuls - v0.15.14

Published by github-actions[bot] about 3 years ago

Changelog

3e67f04 breaking-change(cpescan): Improve Cpe scan (#1290)
b9416ae fix(report): too many SQL variables (#1296)
b4e49e0 feat(GAdocker): Publish docker image with Github Actions (#1291)
020f6ac fix(scan): warning if err occurred while scanning ports (#1294)
7e71cbd fix(gost) sort in ms converter (#1293)
1003f62 chore: update go-cve-dictionary (#1292)
9b18e1f breaking-change(go-exploitdb): support new go-exploitdb (#1288)
24f790f feat(go-cve): update go-cve-dictionary (#1287)
fb8749f fix(cpescan): fix confidence in cpe uri scan (#1286)
96c3592 breaking-change(go-cve-dict): support new go-cve-dictionary (#1277)
d65421c fix(cpescan): JVN scan False-Negative on RDB-backend (#1283)
c52ba44 chore: update readme (#1282)
21adce4 update readme
f24240b feat(library): update trivy v0.19.2 (#1278)
ff83cad feat(os) : support Alma Linux (#1261)
e8c0928 Update ubuntu.go (#1279)
5f4d68c feat(go-msf): update deps (#1275)
9077a83 fix(docker): docker build error (#1274)

vuls - v0.15.13

Published by github-actions[bot] over 3 years ago

Changelog

543dc99 fix(cpescan): CpeVendorProductMatch not set when Redis Backend (#1273)
f0b3a8b feat(cpescan): Use JVN as a second DB for CPE scan (#1268)
0b9ec05 Support scanning Ubuntu using Gost (#1243)
0bf1241 fix(rocky): fix Scan in Rocky Linux (#1266)
0ea4d58 fix(gost): Use DBDriver ctx in Psuedo (#1264)
5755b00 feat(os) : support Rocky linux (#1260)
1c8e074 Feat report googlechat (#1257) (#1258)
0e0e5ce feat: Support Ubuntu21 (#1231)
23dfe53 chore: update go-exploitdb (#1262)
8e6351a feat(oval): goval-dictionary update (#1259)
3086e27 fix Ubuntu 20.10 End of Life on July 22 2021 (#1256)
b8db2e0 feat(report): Change the priority of CVE information in Debian (#1202)
43b46cb chore: add test data for integration test (#1254)
d0559c7 chore: update gost deps (#1253)
231c63c fix(libscan): support empty LibraryFixedIn (#1252)
2a9aebe fix(report): improve cpe match logic (#1251)
4e535d7 chore: fix build-tags in .goreleaser.yml (#1250)
4b48750 chore: add go.sum test data for integration test (#1249)
0095c40 fix(vet): go vet err of make build-scanner (#1248)
82c1abf fix(report): detection logic bugs for Oracle Linux (#1247)
4098840 feat(scanner) separate func analize libraries (#1246)
e8e3f4d feat(lib): support of Go (go.sum) scan (#1244)
7eb77f5 feat(scan): support external port scanner(nmap) in host machine (#1207)
e115235 fix(test): dev mode to false in package-lock.json (#1242)
151d4b2 fix(scan): Avoid panic when SSH connection refused (#1236)
e553f8b feat(trivy): go mod update trivy v0.17.2 (#1235)
47652ef fix(report): include the num of criticals in total #1233 (#1234)
ab0e950 fix(oracle): extracting only advisory ID from OVAL.title (#1232)
a7b0ce1 refactor(git-conf): config template in github section changed (#1229)
dc9c0ed refactor(git-conf): Specifing ignoreGitHubDismissed per repository (#1224)
17ae386 chore: add a test case #1227 (#1228)
2d369d0 Fix false positive for Oracle Linux (#1227)
c36e645 fix(report): false positive for kernel-related CVE for RedHat, CentOS, Oracle and Amazon #1199 (#1223)
40039c0 fix(report): panic when closing db connection of gost (#1222)
a692cec fix(gost): close gost DB connection in server mode #1217 (#1221)
e7ca491 fix(report): Avoid http reports error (#1216)
23f3e2f fix(config): add Ubuntu 20.10 (#1218)
27b3e17 feat(saas): delete json dir automatically after upload (#1212)

vuls - v0.15.12

Published by github-actions[bot] over 3 years ago

Changelog

a6e53e4 fix build-tags
4b48750 chore: add go.sum test data for integration test (#1249)
0095c40 fix(vet): go vet err of make build-scanner (#1248)
82c1abf fix(report): detection logic bugs for Oracle Linux (#1247)
4098840 feat(scanner) separate func analize libraries (#1246)
e8e3f4d feat(lib): support of Go (go.sum) scan (#1244)
7eb77f5 feat(scan): support external port scanner(nmap) in host machine (#1207)
e115235 fix(test): dev mode to false in package-lock.json (#1242)
151d4b2 fix(scan): Avoid panic when SSH connection refused (#1236)
e553f8b feat(trivy): go mod update trivy v0.17.2 (#1235)
47652ef fix(report): include the num of criticals in total #1233 (#1234)
ab0e950 fix(oracle): extracting only advisory ID from OVAL.title (#1232)
a7b0ce1 refactor(git-conf): config template in github section changed (#1229)
dc9c0ed refactor(git-conf): Specifing ignoreGitHubDismissed per repository (#1224)
17ae386 chore: add a test case #1227 (#1228)
2d369d0 Fix false positive for Oracle Linux (#1227)
c36e645 fix(report): false positive for kernel-related CVE for RedHat, CentOS, Oracle and Amazon #1199 (#1223)
40039c0 fix(report): panic when closing db connection of gost (#1222)
a692cec fix(gost): close gost DB connection in server mode #1217 (#1221)
e7ca491 fix(report): Avoid http reports error (#1216)
23f3e2f fix(config): add Ubuntu 20.10 (#1218)
27b3e17 feat(saas): delete json dir automatically after upload (#1212)

vuls - v0.15.11

Published by github-actions[bot] over 3 years ago

Changelog

740781a feat(logging): add -log-to-file and don't output to file by default (#1209)
36c9c22 fix(report): avoid nil pointer when report FreeBSD (#1208)
183fdcb fix: support for missing files in the results or results directory (#1206)
a2a6979 refactor: move const to constant pkg (#1205)

vuls - v0.15.10

Published by github-actions[bot] over 3 years ago

Changelog

6fef4db fix .goreleaser.yml (#1204)
e879ff1 feat(scanner) export pkg list scan method (#1203)
9bfe062 refactor: don't use global Config in private func (#1197)
0179f42 fix(trivy-to-vuls): converts even if null vulnerabilities (#1201)
56017e5 feat(trivy): update trivy (#1196)
cda91e0 refactor: loading owasp dependency check xml (#1195)
5d47adb fix(report): prioritize env vars over config.toml (#1194)
54e73c2 fix(wordpress): enable to detect vulns of WordPress Core (#1193)
2d07507 fix(log): remove log output of opening and migrating db (#1191)
2a8ee4b refactor(report): azure and aws writer (#1190)
1ec31d7 fix(configtest): all servers in the config if no args #1184 (#1189)
02286b0 fix(scan): scan all servers in the config if no args #1184 (#1188)
1d0c5de fix(ubuntu): Fix deferred packages not showing as affected (#1187)
1c4a12c refactor(report): initialize DB connection (#1186)
3f2ac45 Refactor logger (#1185)
518f4dc refactor: VulnDict (#1183)
2cdeef4 refactor(config): validateOnReport (#1182)
0357912 refactor(config): localize config used like a global variable (#1179)
e3c27e1 fix(saas): Don't overwrite config.toml if UUID already set (#1180)

vuls - v0.15.9

Published by github-actions[bot] over 3 years ago

Changelog

aeaf308 Add test-case to verify proper version comparison in lessThan() (#1178)
f5e47be chore: add a test-case to #1176 (#1177)
50cf13a Pass packInOVAL.Version through centOSVersionToRHEL() to remove the "_" portion so that packInOVAL.Version strings like 1.8.23-10.el7_9.1 become 1.8.23-10.el7.1 (same behavior as newVer, which now allows packInOVAL.Version and newVer to be directly compared). (#1176)
abd8041 fix(scan): yum ps warning for Red Hat family (#1174)
847c643 chore: fix debug message (#1169)
ef8309d chore: remove the heck binary (#1173)
0dff6cf fix(gost/microsoft) add workaround into mitigation (#1170)

vuls - v0.15.8

Published by github-actions[bot] over 3 years ago

New Features

Display the resolved (patched) CVEs compared to the previous JSON.

The --diff option turns on both the -diff-plus and -diff-minus options.

./vuls tui -diff

./vuls report -format-list -diff

./vuls report -format-full-text -diff

./vuls report -format-one-line-text -diff

Changelog

4c04acb feat(report) : Differences between vulnerability patched items (#1157)
1c4f231 fix(scan): ignore rpm -qf exit status (#1168)

vuls - v0.15.7

Published by github-actions[bot] over 3 years ago

Changelog

51b8e16 fix(scan): warning if lsof command not found (#1167)
b4611ae fix(scan): fix yum-ps warning Failed to exec which -bash (#1166)
cd67220 fix(scan): yum-ps err Failed to find the package (#1165)
290edff fix(log): output version to log for debugging purpose (#1163)
64a6222 fix(report): set created_at and updated_at of trivy to json (#1162)
adb686b fix(report): set created_at and updated_at of wpscan.com to json (#1161)
d4af341 fix(report): remove duplicated refreshing logic when report with -diff (#1160)
fea7e93 chore: fix comment (#1158)
8b6b8d0 feat(wordpress): define API limit exceed error for wpscan.com (#1155)
4dcbd86 fix(report): set http timeout 10 sec (#1154)

vuls - v0.15.6

Published by github-actions[bot] over 3 years ago

Changelog

39b1944 Merge branch 'master' of github.com:future-architect/vuls
644d5a5 fix(report): remove retry logic for wpscan.com (#1151)

vuls - v0.15.5

Published by github-actions[bot] over 3 years ago

Changelog

8e18451 Merge branch 'master' of github.com:future-architect/vuls
3dbdd01 fix(report): wordrpess scanning skipped when package is emtpy (#1150)
a89079c fix(saas) change saas upload s3 key (#1116)
a8c0926 fix(saas) change saas upload s3 key (#1116)
dd2959a fix(eol): add eol for alpine 3.13 (#1149)
51099f4 fix(tui): runtime panic when tui with docker-base-setup (#1148)
63f170c fix(report): set severity in Red Hat OVAL to both CVSS v3 and v2 #1146 (#1147)
3c1489e feat(report): range notion calc by severity when no-cvss-score (#1145)
e4f1e03 feat(github): display GitHub Security Advisory details (#1143)
83d48ec Create codeql-analysis.yml

vuls - v0.15.4

Published by github-actions[bot] over 3 years ago

Changelog

a8c0926 fix(saas) change saas upload s3 key (#1116)
dd2959a fix(eol): add eol for alpine 3.13 (#1149)
51099f4 fix(tui): runtime panic when tui with docker-base-setup (#1148)
63f170c fix(report): set severity in Red Hat OVAL to both CVSS v3 and v2 #1146 (#1147)
3c1489e feat(report): range notion calc by severity when no-cvss-score (#1145)
e4f1e03 feat(github): display GitHub Security Advisory details (#1143)
83d48ec Create codeql-analysis.yml
