Application only returning CVE's from 2016 or below about developingdataproducts HOT 7 CLOSED

from developingdataproducts.

Hey,

I understand that the database behind https://kill3rbee.shinyapps.io/vFeedCve/ is outdated.
But for my local installation, I have downloaded the database only 2-3 days ago.

When using the python wrapper on my local install I can view CVE's from 2017:

ssirt@DT-vFeed:/var/www/html/vFeed$ python vfeedcli.py -m get_cve CVE-2017-6666 [ { "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6666", "summary": "A vulnerability in the forwarding component of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an authenticated, local attacker to cause the router to stop forwarding data traffic across Traffic Engineering (TE) tunnels, resulting in a denial of service (DoS) condition. More Information: CSCvd16665. Known Affected Releases: 6.2.11.BASE. Known Fixed Releases: 6.1.3 6.1.2 6.3.1.8i.BASE 6.2.11.8i.BASE 6.2.2.9i.BASE 6.1.32.11i.BASE 6.1.31.10i.BASE 6.1.4.3i.BASE.", "id": "CVE-2017-6666", "modified": "2017-07-07T21:29:15.053-04:00", "published": "2017-06-13T02:29:00.973-04:00" } ]

But when using vFeedCVE which I have installed, it only can return CVE's from 2016 and below (See attachment). I cannot figure out why this is, as the database clearly contains CVE's from 2017.

Thanks,
Julian.

from developingdataproducts.

@toolswatch ahhh after looking through the code, I completely understand now. Thanks for the help :)

from developingdataproducts.

@Julznova Thanks for the comments. I have not pushed code to github. I need to download latest information and update my data. I am looking at improving visualization soon.

I also want to add some remediation prioritization using some of form of machine learning. I love @toolwatch. I will update the data on the site in a week. its just pushing new rds file.

from developingdataproducts.

We love you too guys :)
You can add a statement for people wanting to run vFeedCVE locally that they must register and download the vFeed CE version. It is FREE !!!

Thanks again for your great job and I already covered about this app last year (https://vfeed.io/exploratory-analysis-of-vfeed-database-using-shiny-app/)

from developingdataproducts.

@toolswatch..Wow i did not know you had written an article about it. You know what, lets work together so that i can get the shiny app to latest data or I could use the vFeed CE version.
I will work on making the visualization much nicer using Sunburst visualization is if I can use it on this type of data.
Let me know any statement you want me to add and will gladly do so. This is what I will do. I will download vFeed CE and get shiny app to read data directly from it. That way anyone who wants to use Shiny app will have to download your free version.

Will keep you posted

from developingdataproducts.

@Julznova I have updated the visualization for the shiny app. It is not completed yet. I have to write comments for help menu as well as verify that all urls are still validate. Was kinda slow in R, so I wrote a python script that will verify all urls shown in Advisory or Remediation column. ExploitDB column, I generate those and they do work. Under visualization tab, I will add Web vulnerability visualization.
https://kill3rbee.shinyapps.io/vFeedCve/

@toolwatch. I signed up to the community database. The documentation is not clear on how updates are received. I had to google and found out that you do send an email once a month when you release update.

from developingdataproducts.