23

In order to be informed about critical vulnerabilities in selected products I'd want to subscribe to some list about them. I'd want to configure the list of products by myself.

The question: Where can I get security breach alerts? gives information on general lists, however these provide vulnerability information across all products the list knows about, and all I want to see are advisories about the products/applications/services in my network.

Can I subscribe to CVEs for specific products?

Community
  • 1
Andrei Botalov
  • 5,267
  • 10
  • 45
  • 73
  • You might want to check http://security.stackexchange.com/q/486/13909 or http://security.stackexchange.com/q/19980/13909 or https://cassandra.cerias.purdue.edu/CVE_changes/ – MCW Dec 17 '12 at 19:00
  • you can also check https://secureit.io - I built it, ATM it's free, comments are welcome – João Antunes Nov 28 '17 at 12:48
  • 1
    It's a shame this is Closed - There are Answers here that I have not been able to find elsewhere on the web. – cellepo Feb 07 '19 at 20:41
  • @JoãoAntunes when is the last time your application worked? – cellepo Feb 07 '19 at 21:02
  • 1
    how is this question closed? off topic? really? LoL – Toskan Dec 31 '19 at 19:32
  • secalerts.co is also a free service that's been running for nearly 3 years now that does exactly this. Disclaimer: I run it. – Louis Mar 26 '21 at 06:26

4 Answers4

13

Go to CVE Details' Product or Vendor pages. There is "Vulnerability Feeds & Widgets" link there.

It allows you to subscribe to CVEs about selected vendor/product.

Andrei Botalov
  • 5,267
  • 10
  • 45
  • 73
  • 4
    You need search for the vendor and replace the vendor ID within the general URL: http://www.cvedetails.com/vulnerability-feed.php?vendor_id=0&product_id=0&version_id=0&orderby=3&cvssscoremin=0 E.g. Apache vendor: http://www.cvedetails.com/vendor/45/Apache.html You RSS URL is http://www.cvedetails.com/vulnerability-feed.php?vendor_id=45&product_id=0&version_id=0&orderby=3&cvssscoremin=0 – Michael Apr 28 '13 at 10:41
  • 2
    You can then take the RSS feed created by cvedetails and put it into an [ifttt.com](https://ifttt.com) (or something similar) recipe so that it sends you notifications of your choice (e.g. tweets, emails etc). – user30473 Oct 29 '15 at 15:58
  • 1
    CVE Details seems to be pretty neglected. I see recent CVEs in the database, but the site's registration page [has been broken for months](https://cvedetails.uservoice.com/forums/70479-general/suggestions/20536039-fix-registration-and-login-pages). Doesn't exactly promote confidence in the quality of the service. – Phil May 14 '18 at 13:06
  • @Michael +1 for the hack – talonx Nov 20 '18 at 06:16
  • I just went there to check for CVE-2019-5736 (docker/runc, Feb-11th 2019) but it only has vulnerabilities up until 2018. – jotadepicas Feb 13 '19 at 19:33
  • Vulmon Alerts (https://alerts.vulmon.com) is a tool dedicated for only this purpose. You can check it. – Yavuz Sep 09 '21 at 21:36
7

It is possible to make a custom list of products / vendors / keywords using Cassandra service from Purdue University. It is free and allows updates to be emailed.

GoodMirek
  • 71
  • 1
  • 4
3

secunia makes a commercial product that does exactly what you want.

"The Secunia VIM lets you create specific vulnerability management reports for different product categories across your entire IT infrastructure by filtering criteria. So you only get vulnerability alerts and intelligence relevant to your specific needs."

Tate Hansen
  • 13,714
  • 3
  • 40
  • 83
  • Secunia Research service is currently available from Flexera company: https://www.flexera.com/products/software-vulnerability-research/secunia-research.html – GoodMirek Oct 11 '21 at 10:32
0

You can subscribe to this mailing list "bugtraq@securityfocus.com". A lot of vendors and researchers keep updating about new vulnerabilities.

Jor-el
  • 2,061
  • 17
  • 24