On 11/12/15 11:58 PM, Jerome Athias wrote:
For "master download" of NVD:
https://nvd.nist.gov/download.aspx
Nice - thanks!
Looks like the CVE content is posted with mappings to vendor
announcements (RHSA, Cisco SA). e.g.:
http://pastebin.com/RkpdDFXb
I believe you'll need to ping vendors for associated OVAL content.
2015-11-13 1:15 GMT+03:00 Shawn Wells <sh...@redhat.com>:
On 11/10/15 3:04 PM, Su Zhang wrote:
Thanks for your response.
I looked into the doc and found the following description
"The oscap utility maps Red Hat Security Advisories to CVE identifiers
that are linked to the National Vulnerability Database and reports which
security advisories are not applied."
However, do Red Hat security advisories capture all CVEs? Or do they only
capture their own product-related CVEs? If they do not have comprehensive
CVEs, then do you know how to incorporate the entire NVD vulnerability data?
Definitely a good question, and one we may not be documenting in the best
way.
The Red Hat CVE content reflects authoritative content for *Red Hat*
technologies. For example, RHEL6 CVE data would include "core RHEL," but
also packages that we ship/support, such as our release of Apache included
in Enterprise Linux.
For third party vendors (e.g. MongoDB, WebSphere) you'd have to get CVE/OVAL
data directly from them. I'm not aware of a "master download" of NVD,
however they do point you to various vendor content:
https://oval.mitre.org/repository/about/other_repositories.html
CIS recently took over DHS' OVAL repository from MITRE, and it contains many
CVE definitions for Unix/Linux/Windows/VMware:
https://oval.cisecurity.org/repository/download
--
Shawn Wells
Office of the Chief Technologist
U.S. Public Sector
sh...@redhat.com | 443.534.0130
--
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
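
The coverage question raised in this thread, as an added example that is not part of the original messages or of OpenSCAP's code: it reads vendor OVAL patch definitions, maps each CVE to the advisories that reference it, and reports which CVEs of interest the vendor feed does not cover. The feed content, the definition ids and all advisory/CVE identifiers are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

OVAL_NS = {"oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample in the shape of a vendor OVAL patch feed; the advisory
# and CVE identifiers are placeholders, not real ones.
SAMPLE_OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <definitions>
    <definition class="patch" id="oval:com.example.rhsa:def:1" version="1">
      <metadata>
        <reference source="RHSA" ref_id="RHSA-0000:0001"/>
        <reference source="CVE" ref_id="CVE-0000-0001"/>
        <reference source="CVE" ref_id="CVE-0000-0002"/>
      </metadata>
    </definition>
    <definition class="patch" id="oval:com.example.rhsa:def:2" version="1">
      <metadata>
        <reference source="RHSA" ref_id="RHSA-0000:0002"/>
        <reference source="CVE" ref_id="CVE-0000-0002"/>
      </metadata>
    </definition>
  </definitions>
</oval_definitions>"""


def cve_to_advisories(oval_xml):
    """Return {CVE id: sorted list of advisory ids} from OVAL patch definitions."""
    root = ET.fromstring(oval_xml)
    mapping = {}
    for definition in root.iterfind(".//oval:definition[@class='patch']", OVAL_NS):
        refs = definition.findall("oval:metadata/oval:reference", OVAL_NS)
        advisories = [r.get("ref_id") for r in refs if r.get("source") == "RHSA"]
        for ref in refs:
            if ref.get("source") == "CVE":
                mapping.setdefault(ref.get("ref_id"), set()).update(advisories)
    return {cve: sorted(ids) for cve, ids in mapping.items()}


def coverage_gap(oval_xml, cves_of_interest):
    """Split CVE ids into those the vendor feed covers and those it does not."""
    covered = cve_to_advisories(oval_xml)
    hits = {c: covered[c] for c in cves_of_interest if c in covered}
    misses = sorted(c for c in cves_of_interest if c not in covered)
    return hits, misses


if __name__ == "__main__":
    # CVE-0000-9999 stands in for a third-party product CVE taken from NVD.
    print(coverage_gap(SAMPLE_OVAL, ["CVE-0000-0002", "CVE-0000-9999"]))
```

CVEs that land in the second return value are the ones for which, as the thread says, CVE/OVAL content has to come from the third-party vendor or another repository.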