What's new in SecDB 24.2

giterlizzi

# SecDB

This new version of SecDB brings new features and improvements.

Polished UI, improved support for EPSS, Web & Social references (from Reddit and Mastodon) in CVEs, new Security Advisories and sections (NASL & NVT and Packages), and much more.

Improved EPSS (Exploit Prediction Scoring System) support

SecDB Portal was recently added to the list of products that support EPSS, and in this release EPSS has been enhanced in several areas of the portal.

EPSS can now be found:

  • Security Dashboard ⇨ EPSS tab: Top rated CVEs published in the last 30 and 90 days
  • CVE page ⇨ EPSS and Timeline tabs: With a candlestick chart of the EPSS score + percentile and in the table of EPSS score changes (e.g. see the CVE-2021-44228)
  • CISA KEV page and every vulnerability table (e.g. in CVEs, Weaknesses, Security Advisories etc.): With the latest score and a 30-day trend sparkline chart

What is EPSS?

The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. Our goal is to assist network defenders to better prioritize vulnerability remediation efforts. While other industry standards have been useful for capturing innate characteristics of a vulnerability and provide measures of severity, they are limited in their ability to assess threat. EPSS fills that gap because it uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

CISA KEV

Recently the CISA KEV catalog, which now covers more than 1,000 vulnerabilities, added a new "Known to be Used in Ransomware Campaigns" field.

This new field is now available in SecDB on the CISA KEV page and the CVE page as an aid in vulnerability analysis.

Two new charts are available on the CISA KEV page: CVEs grouped by Vendor and Product (a "Circle Packing" chart) and the most common Weaknesses.

CVE page

The CVE page has been redesigned.

A "Web & Social" tab has been added with links to external resources (such as NVD, NIST, CVE.org) and major search engines (DuckDuckGo, Google, etc.), plus a section showing the most recent Reddit and Mastodon posts (Twitter/X and Bluesky integration is a work in progress).

For CVEs listed in the CISA KEV, a "Known to be Used in Ransomware Campaigns" field has been added in the description section of the CISA KEV and as a "lock" 🔒 icon in the page title.

The readability of CVSS metrics has been improved with the addition of descriptions and graphical elements.

Infamous Vulnerabilities and Attacks

The "infamous vulnerabilities & attacks" (e.g. Spectre, Log4Shell, HTTP/2 Rapid Reset Attack) now have their own page, with quick search links to external sources and social references ("Web & Social" tab) and the related Security Advisories. Thanks to integration with the DuckDuckGo search engine, a short description of the vulnerability and other useful information is also shown (not yet available for all vulnerabilities).

New Packages section

A new section is available with a wide range of package ecosystems (operating system, software libraries) in "purl" format.

A Package URL (aka "purl") is a URL string used to identify and locate a software package in a mostly universal and uniform way across programming languages, package managers, packaging conventions, tools, APIs and databases.

scheme:type/namespace/name@version?qualifiers#subpath

SecDB supports most ecosystems and namespaces and uses the "purl" (Package URL) format to identify a package or software affected by a vulnerability or issue.

Some examples:

More information about "purl" (Package URL)
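As an added example (not SecDB's own code), here is a small parser for the purl layout shown above, scheme:type/namespace/name@version?qualifiers#subpath. The sample purls in the usage block are constructed for illustration, including the log4j-core coordinates used to stand in for a Log4Shell-affected package.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import unquote


@dataclass
class Purl:
    type: str
    name: str
    namespace: Optional[str] = None
    version: Optional[str] = None
    qualifiers: Dict[str, str] = field(default_factory=dict)
    subpath: Optional[str] = None


def parse_purl(purl: str) -> Purl:
    """Split 'scheme:type/namespace/name@version?qualifiers#subpath' into a Purl.

    Components are peeled off from the right ('#', then '?', then '@') because
    those separators must be percent-encoded wherever they occur inside a value,
    so the first unencoded occurrence from the right is the real delimiter.
    """
    scheme, sep, rest = purl.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError(f"not a purl, scheme must be 'pkg': {purl!r}")
    rest, _, subpath = rest.partition("#")
    rest, _, qualifiers_raw = rest.partition("?")
    version = ""
    if "@" in rest:
        rest, _, version = rest.rpartition("@")
    segments = [s for s in rest.strip("/").split("/") if s]
    if len(segments) < 2:
        raise ValueError(f"purl needs at least a type and a name: {purl!r}")
    qualifiers: Dict[str, str] = {}
    for pair in filter(None, qualifiers_raw.split("&")):
        key, _, value = pair.partition("=")
        qualifiers[key.lower()] = unquote(value)  # qualifier keys are case-insensitive
    return Purl(
        type=segments[0].lower(),  # the type is case-insensitive too
        name=unquote(segments[-1]),
        namespace="/".join(unquote(s) for s in segments[1:-1]) or None,
        version=unquote(version) or None,
        qualifiers=qualifiers,
        subpath=unquote(subpath).strip("/") or None,
    )


if __name__ == "__main__":
    # Constructed sample: a Maven artifact such as the log4j-core versions hit by Log4Shell.
    print(parse_purl("pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"))
```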

Security Advisories galore!

Security Advisory page has been enriched with new sources and data.

NASL plugins & NVT scripts

NASL is a scripting language used by vulnerability scanners such as Nessus and OpenVAS. With NASL, specific attacks based on known vulnerabilities can be automated.

NASL plugin (Nessus®) and NVT script (OpenVAS) sections have been added to SecDB to help with vulnerability analysis.

By clicking on the NASL plugin or NVT script (e.g. 155998), you can view a lot of information such as synopsis, remediation, dependencies, references, scores, and more.

The search page has been improved.

With the new indexing engine, it is now possible to search ~800k entries, including CVEs, Advisories, Products, NASL & NVT scripts, etc.

You can change search settings using the menus on the search page or via URL parameters added after the search query (for example: /search?q=search&tf=security_advisory&sd=m).

| Name | Parameter | Values |
|---|---|---|
| Search | q | search query |
| Date | sd | (empty) - Any date; d - Past Day; w - Past Week; m - Past Month; d - Past Year |
| Filter type | df | cve - Vulnerabilities; cwe - Weaknesses; security_advisory - Advisories; product - Products; vendor - Vendors; nasl_plugin - NASL & NVT |
| Sort by | sf | (empty) - Relevance; date - Date |

Sample search:

About SecDB

See the About page for more information about SecDB.

Enjoy!

-- YaVS / SecDB Team
