Packages

Zercurity records every application (OSX), package (Linux) and program (Windows) installed across your assets. We collectively refer to these as packages.

Table view

../_images/packages.png
  • Risk Zercurity uses colours to colour-code the severity of risk.
  • Name The name of the package. For some common packages, you can click to find out more information about the package and its source of origin.
  • Version A version number for the package. If the package is out-of-date then the risk icon will be at least a yellow colour.
  • Assets The number of Assets that currently have this package installed.
  • Published The date this package was either first seen or released by the publisher. You can click the package name to find out more.
  • First installed The date the package was first installed across all assets.

Package view

../_images/package.png

Provides a unified overview of the package’s state. This includes any vulnerabilities assigned to the given package or newer and historical package information.

Historical view

Provides a history of risk changes made to the package.

Vulnerabilities view

../_images/package_vulnerabilities.png

Provides a list of assigned CVEs against a given package.

  • Name The CVE name and corresponding CVSS severity score.
  • Package The version of the package.
  • Vulnerable Version The vulnerable version that package maintainers identified before a fix was issued.
  • Fixed Version The fixed package that remedied the vulnerability.
  • Source Where we found this information. Maybe be user contributed. The source is usually accompanied by a corresponding source id or SID. This id that refers the the external sources Id.
  • Published When the vulnerability was first published.
  • Description A short description of the vulnerability.
  • CVSSv2 CVSSv2 scoring information. More information can be found here about how the scores are calculated and what they mean. https://www.first.org/cvss/v2/guide

Versions view

Provides a list of other versions for a given package. These versions may be newer or older.

../_images/package_versions.png
  • Filename The filename of the package that was processed.
  • Version The version of the package.
  • Owner The email address and/or name of the maintainer of the package
  • Published The date and time of when the package was published.