I am dealing with a pci audit and the reason given for a failure is this:
CVSS Base Score:4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P
CVSS Temporal Score:3.4 E:POC/RL:OF/RC:C
Category:General remote services
Vendor Reference:OpenSSH 8.1
There are several tutorials and guides on how to install OpenVAS on FreeBSD; however, recently OpenVAS was renamed to Greenbone Security Assistant, spread across multiple packages and now no longer fits any of the past setup descriptions.
After wading through the documentation myself, I figured...
Package www/firefox returned so many CVE's from pkg aud -F.
So how can I know that all those CVE are patched or not. Some of them are *RESERVED*.
Say status of CVE-5863; CVE-2018-5156 etc. from various web sources of cve.mitre & NVD.
From FreshPorts-VuXML says an older version is vulnerable...
I switched only recently to FreeBSD from Debian GNU/Linux.
Is there an equivalent of debsecan for FreeBSD?
debsecan scans all installed packages and looks for vulnerabilities in the
CVE database: http://www.cvedetails.com
Let me paste it below, dunno how long it will hang on the net.
The Truth about Linux 4.6
by spender » Sat May 14, 2016 1:06 pm
As anticipated in public comments, the Linux Foundation is already beginning a campaign to rewrite...