Vulnerability tracking
Demerzel correlates published advisories against the packages actually installed on each server, so you see vulnerabilities that really apply to you — not a generic feed.
How correlation works
- The agent reports the exact package versions installed on each host.
- Demerzel matches them against known CVEs, using distribution-aware version comparison (it understands Debian epochs and revisions, so
3.0.15-1~deb12u1is compared correctly). - A finding records the package, installed version, CVE, severity and the fixed version.
On the server page
Each server’s Vulnerabilities tab lists its findings, most severe first, with the version that fixes each one. Critical and high findings roll up into dashboard Actions.
Freshness matters. If the advisory catalog hasn’t been refreshed recently, Demerzel raises a systemic Action — stale vulnerability data is itself a risk worth flagging.