cvechecker 0.3 released

Time for a new intermediate cvechecker release, so here it is. Changes include (beyond the usual bugfixes) different CSV output (with some sort of version support) so that it can be easily used for reporting purposes, removal of debugging/verbose items and added example files for reporting.

more ...

cvechecker 0.2 released

I've made version 0.2 available of cvechecker. It fixes some build warnings and also supports the normal "make install" step. The pullcves command now also pulls in the latest versions.dat file. Special thanks to Per Andersson for reporting that the ./configure didn't fail if sqlite3 or libconfig wasn't …

more ...

cvechecker 0.1 released

cvechecker version 0.1 is out. This is the first publicly available development release, so it's still far from production-ready yet. However, it is usable so it can now be publicly analyzed to remove all icky bugs and such. I'm not planning (m)any new features (apart from the reporting …

more ...

HP webcam on Linux

Okay, getting the HP webcam running on Linux wasn't hard at all. Enable Video For Linux (CONFIG_VIDEO_DEV) which can be found in the Linux kernel configuration at Device Drivers, Multimedia Support. Then, select Video capture adapters and inside that menu, select V4L USB devices and then USB Video Class (UVC …

more ...

New laptop, time to play

I gave myself a nice treat and bought a new laptop. After some consideration, I decided to go with the HP Pavilion DV7 3150EB. Years ago, I didn't take an HP laptop as the reviews were not that satisfying. However, it looks as if that is past. So I first …

more ...


cvechecker in development mode

A while ago I had the idea to create a simple tool that checks the CVE database against my current system. It would allow me to check if my system is somewhat up to date (no pending security vulnerabilities), but also to get an automated overview of the various software …

more ...

OVAL, SCAP, CVE, CPE, ...

For a personal POC I wanted to see if it is possible to generate, based on the collection of CVE entries publicly available, a report informing a system administrator about possible vulnerabilities. Nothing fancy, just based upon versions.

A simple example: tool detects Perl, acquires installed Perl version, then matches …

more ...

Listing files of (not) installed software

Everyone that has been using Gentoo for a while now knows about tools such as qlist that show you the list of files installed by an (installed) package, or qfile that allows you to find which package provided a particular file on your system.

One thing lacking is to be …

more ...