cve-portal
Common Vulnerabilities and Exposures - Portal
LAUNCH.sh: gunicorn -w 4 -b 0.0.0.0:1443 server:app --access-logfile - --error-logfile - --keyfile ../../CA/server.key --certfile ../../CA/server.crt --ca-certs ../../CA/chain.pem run ./LAUNCH.sh alert me : create_sockets raise ValueError('certfile "%s" does not exist' %...
Hey, can you change this? OLD (deprecated) models.py ``` from flask.ext.sqlalchemy import SQLAlchemy from flask.ext.login import UserMixin, AnonymousUserMixin from flask.ext.scrypt import generate_random_salt, generate_password_hash, check_password_hash ``` New 👍 models.py ```...
Hello, Following the install steps, I can't get past the part where create.py is executed. I got this: Traceback (most recent call last): File "create.py", line 3, in models.db.drop_all() File "/home/vagrant/git/cve-portal/app/virtenv/local/lib/python2.7/site-packages/flask_sqlalchemy/__init__.py",...
Hi, I have a strange behavior: - when I filter Recent CVE with filters **Time Between 09/11/2016 11/11/2016 Published**, CVE-2016-5195 is in the results as expected; - when I filter...
For example, for CVE-2015-4491, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4491 says: ``` Vulnerable software and versions + Configuration 1 * AND * OR * cpe:/a:gnome:gdk-pixbuf:2.31.4 and previous versions * OR cpe:/a:mozilla:firefox_esr:38.0 cpe:/a:mozilla:firefox_esr:38.0.1 cpe:/a:mozilla:firefox_esr:38.0.5 cpe:/a:mozilla:firefox_esr:38.1.0 cpe:/a:mozilla:firefox:39.0.3...
Is it possible to send a mail alert notification when high-ranked CVEs (cve search) appear? Or is the notification portal a portal that just makes a notification in the web...
When the email address is changed, confirmation should be reset. If a user changes his email, a new email needs to be sent for the confirmation. (and the state "confirmed"...
Password salts should not be stored within the same storage as the password hash, to protect the hash in case of a database breach.
All JSON-based actions should be protected against CSRF (specifically /delnotif). Other forms seem to be protected with Flask's built-in CSRF protection.
Token: change email/reset password. These tokens should not be constructed with a JSON Web Signature because it is vulnerable to an offline brute-force attack and it provides the ability...