all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Automating CVE search

Add to bookmarks
Oct. 26, 2023, 11:24 a.m. | dh0ck

System Weakness - Medium systemweakness.com

I was recently automating the search for CVEs affecting some assets. A real life saver for automating this process is to use CPE codes (Common Platform Enumeration). This standard indicates in different fields things like a vendor for a product, the product itself, its version, etc, following:

cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>

(https://en.wikipedia.org/wiki/Common_Platform_Enumeration)

For example, part can have the values “a” (application), “o” (operating system) and “h” (hardware).

The following endpoint of NIST’s NVD returns CVEs discovered in a range of dates: …

cpe cve cybersecurity hacking vulnerability

Visit resource

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 1 day, 1 hour ago | systemweakness.com
attacks business compromise confidentiality +13
How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 1 day, 1 hour ago | systemweakness.com
access active directory applications authentication +15
OSI Model & TCP/IP Comparison 1 day, 1 hour ago | systemweakness.com
access communication deals frameworks +14
First AD home lab 1 day, 21 hours ago | systemweakness.com
access active directory building can +17
3 Steps to protect yourself from Prompt Injection 1 day, 21 hours ago | systemweakness.com
prompt-engineering prompt injection security
Clocky | TryHackMe Write-up 2 days, 19 hours ago | systemweakness.com
ctf ctf-writeup tryhackme tryhackme-walkthrough +1
Bypassing Aquatone’s lack of ability to take screenshots of private websites 2 days, 19 hours ago | systemweakness.com
automation cybersecurity hacking pentesting +1
Tuesday Morning Threat Report: Apr 30, 2024 2 days, 19 hours ago | systemweakness.com
analysis artificial intelligence bad customers +21
Staying Anonymous — Ethical Hacking as a Beginner [09] 2 days, 19 hours ago | systemweakness.com
anonymous beginner communication cybersecurity +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

QA Customer Response Engineer

@ ORBCOMM | Sterling, VA Office, Sterling, VA, US
View on infosec-jobs.com

Enterprise Security Architect

@ Booz Allen Hamilton | USA, TX, San Antonio (3133 General Hudnell Dr) Client Site
View on infosec-jobs.com

DoD SkillBridge - Systems Security Engineer (Active Duty Military Only)

@ Sierra Nevada Corporation | Dayton, OH - OH OD1
View on infosec-jobs.com

Senior Development Security Analyst (REMOTE)

@ Oracle | United States
View on infosec-jobs.com

Software Engineer - Network Security

@ Cloudflare, Inc. | Remote
View on infosec-jobs.com

Software Engineer, Cryptography Services

@ Robinhood | Toronto, ON
View on infosec-jobs.com
View more jobs