You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've built a small script that retrieves all installed Linux packages (RedHat, Oracle Linux, Ubuntu, etc.), along with the package names and versions.
The goal of this script is to identify the CVEs associated with these packages, if available.
From what I understand, I would need to convert the package names and versions to CPE (Common Platform Enumeration), and then use that to fetch the relevant CVEs. Does that sound correct?
Based on your report, which tools or code snippets could assist me in achieving this? Or, do you have any database or CSV file that maps Linux packages and their versions to their corresponding CVEs?
The text was updated successfully, but these errors were encountered:
If you are using RedHat, Oracle Linux, Ubuntu, etc., it is a good idea to use the vulnerability information provided by the vendor.
Take a look at this tool. https://github.com/vulsio/goval-dictionary
If vulnerability information is not provided by the vendor, you can convert the package name and version to CPE and match it to find the CVE. However, please note that the version described in the NVD may differ from the version of the package provided by the vendor as a backport.
Hey Boss,
Firstly you are my superhero , amazing work
I have a question.
I've built a small script that retrieves all installed Linux packages (RedHat, Oracle Linux, Ubuntu, etc.), along with the package names and versions.
The goal of this script is to identify the CVEs associated with these packages, if available.
From what I understand, I would need to convert the package names and versions to CPE (Common Platform Enumeration), and then use that to fetch the relevant CVEs. Does that sound correct?
Based on your report, which tools or code snippets could assist me in achieving this? Or, do you have any database or CSV file that maps Linux packages and their versions to their corresponding CVEs?
The text was updated successfully, but these errors were encountered: