|
CVE Reference Key/Maps
Reference Key
Each reference used in CVE has the following structure:
SOURCE: NAME
-
SOURCE is an alphanumeric keyword.
(Examples: "BUGTRAQ", "OVAL", etc.)
-
NAME is a single line of ASCII text and can include colons and spaces.
(Examples: "BUGTRAQ: Posting to Bugtraq mailing list"; "OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition"; etc.)
Where possible, the NAME is selected to facilitate searches on a SOURCE's Web site. For references that do not have a well-defined identifier, a release date and/or subject header may be included.
Reference Order
References are typically listed in the order below:
-
Initial announcement
-
Response team advisory
-
Vendor acknowledgement/advisory
-
All other public sources
Sources
Reference Maps
The information sources listed below publish documents that are used as references for CVE identifiers. Click on the source to view a map from the source's references to the associated CVE names. Alternatively, you may download all of the reference maps.
The reference maps listed below use data from CVE Version 20061101
and identifiers that were active as of 2016-04-01
:
AIXAPAR AIX APAR (Authorized Problem Analysis Report)
ALLAIRE Allaire Security Bulletin
APPLE Apple Security Update
ASCEND Ascend vendor acknowledgement
ATSTAKE @stake security advisory
-
CVE reference map for source ATSTAKE
-
Notes: These advisories were once located at
http://www.atstake.com/research/advisories/, but there is no central
location since @stake was acquired by Symantec.
AUSCERT AUSCERT advisory
BEA BEA security advisory
BID Security Focus Bugtraq ID database entry
●CVE reference map for source BID
●Source URL: http://online.securityfocus.com/bid
●Notes: In very old versions of CVE, the BID used to be "SF".
BINDVIEW BindView security advisory
●CVE reference map for source BINDVIEW
●Notes: These advisories were formerly stored at
http://razor.bindview.com/publish/index.shtml
BUGTRAQ Posting to Bugtraq mailing list
●CVE reference map for source BUGTRAQ
●Source URL: http://www.securityfocus.com/archive/1
●Notes:
CALDERA Caldera security advisory
●CVE reference map for source CALDERA
●Source URL: http://www.calderasystems.com/support/security/
●Notes: Caldera/SCO advisories are at http://stage.caldera.com/support/security/
CERT CERT/CC Advisories
●CVE reference map for source CERT
●Source URL: http://www.cert.org/advisories
CERT-VN CERT/CC vulnerability note
●CVE reference map for source CERT-VN
●Source URL: http://www.kb.cert.org/vuls
CHECKPOINT Check Point Alert
●CVE reference map for source CHECKPOINT
●Source URL: http://www.checkpoint.com/defense/advisories/public/summary.html
CIAC DOE CIAC (Computer Incident Advisory Center) bulletins
●CVE reference map for source CIAC
●Source URL: http://ciac.llnl.gov/cgi-bin/index/bulletins
CISCO Cisco security advisory
●CVE reference map for source CISCO
●Source URL: http://www.cisco.com/en/US/products/products_security_advisories_listing.html
COMPAQ COMPAQ Service Security Patch
●CVE reference map for source COMPAQ
●Source URL: http://ftp.support.compaq.com/patches/.new/security.html
CONECTIVA Conectiva Linux advisory
●CVE reference map for source CONECTIVA
●Source URL: http://lwn.net/Alerts/Conectiva/
●Notes: The official archive used to be at
http://distro.conectiva.com.br/atualizacoes/, but this site was
removed when Mandriva was formed.
CONFIRM URL to location where vendor confirms that the problem exists
●CVE reference map for source CONFIRM
●Notes: This source is only used when a vendor confirms an issue with its own
advisory, but the vendor is not otherwise a CVE reference source. The
URL for the confirmation is specified in the name. Note that in some
cases, the provider may have deleted or overwritten the portion of the
web page that acknowledged the vulnerability or exposure.
DEBIAN Debian Linux Security Information
●CVE reference map for source DEBIAN
●Source URL: http://www.debian.org/security/
EEYE eEye security advisory
●CVE reference map for source EEYE
●Source URL: http://research.eeye.com/html/advisories/index.html
EL8 EL8 advisory
●CVE reference map for source EL8
ENGARDE En Garde Linux advisory
●CVE reference map for source ENGARDE
●Source URL: http://lwn.net/Alerts/EnGarde/
ERS IBM ERS/BRS advisories
●CVE reference map for source ERS
EXPLOIT-DB Exploits Database
●CVE reference map for source EXPLOIT-DB
●Source URL: http://www.exploit-db.com
FEDORA Fedora Project security advisory
●CVE reference map for source FEDORA
●Source URL: http://www.redhat.com/archives/fedora-announce-list/
FREEBSD FreeBSD security advisory
●CVE reference map for source FREEBSD
●Source URL: http://www.freebsd.org/security/
FRSIRT French Security Incident Response Team (FrSIRT) Database
●CVE reference map for source FRSIRT
●Source URL: http://www.vupen.com/english/
●Notes: FrSIRT was renamed to VUPEN in 2009.
FULLDISC Full-Disclosure mailing list
●CVE reference map for source FULLDISC
●Source URL: http://lists.grok.org.uk/pipermail/full-disclosure/
FarmerVenema "Improving the Security of Your Site by Breaking Into it" paper by Dan Farmer and Wietse Venema
●CVE reference map for source FarmerVenema
●Source URL: http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
GENTOO Gentoo Linux security advisory
●CVE reference map for source GENTOO
●Source URL: http://www.gentoo.org/security/en/glsa/
HERT HERT security advisory
●CVE reference map for source HERT
●Notes: This reference source is obsolete. References using this source will
be replaced with the original Bugtraq posts that contained these
advisories.
HP HP security advisories
●CVE reference map for source HP
●Source URL: http://archives.neohapsis.com/archives/hp/
●Notes:
The official HP web site is difficult to navigate and link to. It is
not easy to quickly access advisories. Thus an unofficial URL is
recommended over the official URL, since it is not possible to
construct and disseminate an official URL.
As of February 2006, this URL might help:
http://www.itrc.hp.com/service/cki/secBullArchive.do
Otherwise, to use the official HP site, follow these instructions:
- http://us-support.external.hp.com/
- You must register on the site to obtain these advisories
- Select "Search Technical Knowledge Base" under "Maintenance and Support"
- Select "Security Bulletin Archive" under "Related Links"
- The advisory number is in the last component of the advisory name,
e.g. "HPSBUX9910-104" is HP's advisory number 104, whose description
on this page is "104 Security Advisory regarding automountd"
HPBUG HP bug/patch ID
●CVE reference map for source HPBUG
●Notes: This source is no longer being used.
IBM IBM ERS/BRS advisories
●CVE reference map for source IBM
IDEFENSE iDEFENSE advisory
●CVE reference map for source IDEFENSE
●Source URL: http://labs.idefense.com/intelligence/vulnerabilities/
IMMUNIX Immunix Linux advisory
●CVE reference map for source IMMUNIX
●Source URL: http://download.immunix.org/ImmunixOS/
●Notes: Advisories are in the "updates" directory of the directory for the
affected Immunix OS version. Example: IMNX-2001-70-035-01 is in the
7.0/updates directory.
INFOWAR INFOWAR security advisory
●CVE reference map for source INFOWAR
●Notes: This reference source is obsolete. References using this source will
be replaced with the original Bugtraq posts that contained these
advisories.
ISS ISS Security Advisory
●CVE reference map for source ISS
●Source URL: http://www.iss.net/threats/ThreatList.php
JVN Japanese CERT (JPCERT) vulnerability notes
●CVE reference map for source JVN
●Source URL: http://jvn.jp/en/report/index.html
JVNDB JVN iPedia
●CVE reference map for source JVNDB
●Source URL: http://jvndb.jvn.jp/
KSRT KSR[T] Security Advisory
●CVE reference map for source KSRT
●Source URL: http://www.ksrt.org
L0PHT L0pht Security Advisory
●CVE reference map for source L0PHT
MANDRAKE Mandrake Linux security advisory
●CVE reference map for source MANDRAKE
●Source URL: http://lwn.net/Alerts/Mandrake/
MANDRIVA Mandriva security advisory
●CVE reference map for source MANDRIVA
●Source URL: http://www.mandriva.com/security/advisories
MILW0RM milw0rm exploit web site
●CVE reference map for source MILW0RM
●Source URL: http://www.milw0rm.com/
MISC Miscellaneous URL
●CVE reference map for source MISC
●Notes: This is a general-purpose source that is used when a reference cannot
be described using a more precise SOURCE label. The URL is encoded
within the name portion of the reference. When a CVE contains a MISC
reference that points to a vendor statement about a vulnerability,
there is no guarantee that the vendor statement actually addresses the
given CVE; for example, the vendor might make a vague statement that
potentially could map to multiple different CVEs. A MISC reference
does not necessarily help the user to distinguish among
vulnerabilities.
MLIST generic reference form for miscellaneous mailing lists
●CVE reference map for source MLIST
●Notes: This is used for identifying miscellaneous mailing lists.
MS Microsoft Security Bulletin
●CVE reference map for source MS
●Source URL: http://www.microsoft.com/technet/security/current.aspx
MSKB Microsoft Knowledge Base article
●CVE reference map for source MSKB
●Source URL: http://support.microsoft.com/search/
NAI NAI Labs security advisory
●CVE reference map for source NAI
●Notes: NAI was acquired by McAfee.
NETBSD NetBSD Security Advisory
●CVE reference map for source NETBSD
●Source URL: http://www.netbsd.org/Security/advisory.html
NETECT Netect security advisory
●CVE reference map for source NETECT
●Notes: This source has been obsoleted, as BindView acquired Netect in 1999.
References using this source may be changed to BINDVIEW in a future
version of CVE.
NTBUGTRAQ Posting to NTBugtraq mailing list
●CVE reference map for source NTBUGTRAQ
●Source URL: http://www.ntbugtraq.com/default.asp?pid=36&sid;=1
OPENBSD OpenBSD Security Advisory
●CVE reference map for source OPENBSD
●Source URL: http://www.openbsd.org/security.html
OPENPKG OpenPKG security advisory
●CVE reference map for source OPENPKG
●Source URL: http://www.openpkg.com/security/advisories/
OSVDB Open Source Vulnerability Database (OSVDB) entry
●CVE reference map for source OSVDB
●Source URL: http://osvdb.org/
OVAL Open Vulnerability Assessment Language (OVAL) vulnerability definition
●CVE reference map for source OVAL
●Source URL: http://oval.mitre.org
REDHAT Security advisories
●CVE reference map for source REDHAT
●Source URL: http://www.redhat.com/support/errata/index.html
RSI Repent Security, Inc. security advisory
●CVE reference map for source RSI
●Notes: This source is regarded as obsolete. RSI references will be augmented
by the original Bugtraq postings.
SCO SCO security bulletins
●CVE reference map for source SCO
●Source URL: http://www.sco.com/support/security/index.html
SECTRACK SecurityTracker Alerts
●CVE reference map for source SECTRACK
●Source URL: http://www.securitytracker.com
SECUNIA Secunia Advisories
●CVE reference map for source SECUNIA
●Source URL: http://secunia.com/advisories/
SEKURE Sekure security advisory
●CVE reference map for source SEKURE
●Notes: This source is regarded as obsolete. SEKURE references will be replaced
by the original Bugtraq postings.
SF-INCIDENTS posting to Security Focus Incidents mailing list
●CVE reference map for source SF-INCIDENTS
●Source URL: http://www.securityfocus.com/templates/archive.pike?list=75
SGI SGI Security Advisory
●CVE reference map for source SGI
●Source URL: http://www.sgi.com/support/security/advisories.html
SLACKWARE Slackware security advisory
●CVE reference map for source SLACKWARE
●Source URL: http://www.slackware.com/security/
SNI Secure Networks, Inc. security advisory
●CVE reference map for source SNI
●Notes: SNI was acquired by NAI, which was later acquired by McAfee.
SREASON SecurityReason SecurityAlert
●CVE reference map for source SREASON
●Source URL: http://securityreason.com/security_alert
●Notes: NOTE: CVE mappings for this source were provided by SecurityReason and
automatically added into CVE. They were not reviewed by MITRE.
SREASONRES SecurityReason Research Advisory
●CVE reference map for source SREASONRES
●Source URL: http://securityreason.com/research
SUN Sun security bulletin
●CVE reference map for source SUN
●Source URL: http://search.sun.com/main/index.jsp?col=main-support-sunalerts&oneof;=security
&nh;=100&rf;=1&type;=advanced&optstat;=true
SUNALERT Sun security alert
●CVE reference map for source SUNALERT
●Source URL: http://search.sun.com/main/index.jsp?col=main-support-sunalerts&oneof;=security
&nh;=100&rf;=1&type;=advanced&optstat;=true
SUNBUG Sun bug ID
●CVE reference map for source SUNBUG
SUSE SuSE Linux: Security Announcements
●CVE reference map for source SUSE
●Source URL: http://www.novell.com/linux/security/advisories.html
TRUSTIX Trustix Security Advisory
●CVE reference map for source TRUSTIX
●Source URL: http://www.trustix.net/errata/
TURBO TurboLinux advisory
●CVE reference map for source TURBO
●Source URL: http://www.turbolinux.com/security/
UBUNTU Ubuntu Linux security advisory
●CVE reference map for source UBUNTU
●Source URL: http://www.ubuntu.com/usn/
URL General placeholder for recording URL's in candidates
●CVE reference map for source URL
VIM Vulnerability Information Managers mailing list
●CVE reference map for source VIM
●Source URL: http://www.attrition.org/pipermail/vim/
VULN-DEV Posting to VULN-DEV mailing list
●CVE reference map for source VULN-DEV
●Source URL: http://online.securityfocus.com/archive/82/
VULNWATCH VulnWatch mailing list
●CVE reference map for source VULNWATCH
●Source URL: http://archives.neohapsis.com/archives/vulnwatch/
VUPEN VUPEN Security Database
●CVE reference map for source VUPEN
●Source URL: http://www.vupen.com/english/
WIN2KSEC Win2KSecAdvice mailing list
●CVE reference map for source WIN2KSEC
●Source URL: http://archives.neohapsis.com/archives/win2ksecadvice/
XF X-Force Vulnerability Database
●CVE reference map for source XF
●Source URL: http://xforce.iss.net
Back to top
|
|
