Urgent help please - Linux, CPE and CVE #405

Open
effreetcoin opened this issue Oct 2, 2024 · 1 comment

@effreetcoin

Hey Boss,

Firstly, you are my superhero, amazing work.

I have a question.

I've built a small script that retrieves all installed Linux packages (RedHat, Oracle Linux, Ubuntu, etc.), along with the package names and versions.

The goal of this script is to identify the CVEs associated with these packages, if available.

From what I understand, I would need to convert the package names and versions to CPE (Common Platform Enumeration), and then use that to fetch the relevant CVEs. Does that sound correct?

Based on your report, which tools or code snippets could assist me in achieving this? Or, do you have any database or CSV file that maps Linux packages and their versions to their corresponding CVEs?

@MaineK00n
Collaborator

I'm sorry for replying so late.

If you are using RedHat, Oracle Linux, Ubuntu, etc., it is a good idea to use the vulnerability information provided by the vendor.
Take a look at this tool.
https://github.com/vulsio/goval-dictionary

If vulnerability information is not provided by the vendor, you can convert the package name and version to CPE and match it to find the CVE. However, please note that the version described in the NVD may differ from the version of the package provided by the vendor as a backport.
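
Added example (not part of the original thread and not code from the vulsio projects): a sketch of the backport caveat in the reply above, comparing a naive CPE/NVD version check against a vendor fixed-version check for the same RPM package. The package versions, the NVD upper bound, the vendor fixed build, the `openssl:openssl` CPE mapping and the CVE placeholder are all constructed, and `seg_key` is a simplified stand-in for RPM's real version comparison.

```python
import re

def split_evr(evr):
    """Split an RPM 'epoch:version-release' string into its three parts."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def seg_key(s):
    # Simplified stand-in for rpmvercmp (assumption): numeric runs compare as
    # integers and sort above alphabetic runs; separators are ignored.
    return [(1, int(t), "") if t.isdigit() else (0, 0, t)
            for t in re.findall(r"\d+|[A-Za-z]+", s)]

def to_cpe(vendor, product, evr):
    # CPE 2.3 carries only the upstream version, so epoch and release are
    # dropped here. Escaping of special characters is omitted for brevity.
    _, version, _ = split_evr(evr)
    return f"cpe:2.3:a:{vendor}:{product}:{version.lower()}:*:*:*:*:*:*:*"

def nvd_flags(evr, version_end_excluding):
    """Naive CPE-style check: upstream version below the NVD upper bound."""
    _, version, _ = split_evr(evr)
    return seg_key(version) < seg_key(version_end_excluding)

def vendor_flags(evr, fixed_evr):
    """Vendor-style check: installed epoch:version-release below the fixed one."""
    def key(x):
        e, v, r = split_evr(x)
        return (e, seg_key(v), seg_key(r))
    return key(evr) < key(fixed_evr)

# Constructed sample data, not taken from any real advisory.
CVE_ID = "CVE-XXXX-NNNN"             # placeholder identifier
NVD_END_EXCLUDING = "1.0.2u"         # upstream release carrying the fix
VENDOR_FIXED = "1:1.0.2k-26.el7_9"   # vendor build carrying the backport
INSTALLED = ["1:1.0.2k-25.el7_9", "1:1.0.2k-26.el7_9"]

if __name__ == "__main__":
    for evr in INSTALLED:
        print(CVE_ID, to_cpe("openssl", "openssl", evr),
              "nvd:", nvd_flags(evr, NVD_END_EXCLUDING),
              "vendor:", vendor_flags(evr, VENDOR_FIXED))
```

Both installed builds produce the same CPE and are flagged by the NVD-style check, while the vendor check clears the `-26` build that carries the backported fix.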
