|
|
CVE Reference Key/Maps
Reference Key
Each reference used in CVE has the following structure:
SOURCE: NAME
- SOURCE is an alphanumeric keyword.
(Examples: "BUGTRAQ", "OVAL", etc.) - NAME is a single line of ASCII text and can include colons and spaces.
(Examples: "BUGTRAQ: Posting to Bugtraq mailing list"; "OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition"; etc.)
Where possible, the NAME is selected to facilitate searches on a SOURCE's website. For references that do not have a well-defined identifier, a release date and/or subject header may be included.
Reference Order
References are typically listed in the order below:
- Initial announcement
- Response team advisory
- Vendor acknowledgement/advisory
- All other public sources
Sources
Reference Maps
The information sources listed below publish documents that are used as references for CVE Entries. Click on the source to view a map from the source's references to the associated CVE Entries. Alternatively, you may download all of the reference maps.
AIXAPAR AIX APAR (Authorized Problem Analysis Report)
- CVE reference map for source AIXAPAR
- Source URL: http://www-01.ibm.com/support/search.wss?rs=0&apar=only
- Notes: If the search.wss URL doesn't find the APAR, then also try: http://techsupport.services.ibm.com/rs6k/fixdb.html or http://techsupport.services.ibm.com/server/aix.CAPARdb
ALLAIRE Allaire Security Bulletin
- CVE reference map for source ALLAIRE
- Notes: Allaire was acquired by Macromedia, which was then acquired by Adobe.
APPLE Apple Security Update
ASCEND Ascend vendor acknowledgement
ATSTAKE @stake security advisory
- CVE reference map for source ATSTAKE
- Notes: These advisories were once located at http://www.atstake.com/research/advisories/, but there is no central location since @stake was acquired by Symantec.
AUSCERT AUSCERT advisory
- CVE reference map for source AUSCERT
- Source URL: http://www.auscert.org.au/Information/advisories.html
BEA BEA security advisory
- CVE reference map for source BEA
- Source URL: http://dev2dev.bea.com/advisoriesnotifications/index.csp
BID Security Focus Bugtraq ID database entry
- CVE reference map for source BID
- Source URL: http://online.securityfocus.com/bid
- Notes: In very old versions of CVE, the BID used to be "SF".
BINDVIEW BindView security advisory
- CVE reference map for source BINDVIEW
- Notes: These advisories were formerly stored at http://razor.bindview.com/publish/index.shtml
BUGTRAQ Posting to Bugtraq mailing list
CALDERA Caldera security advisory
- CVE reference map for source CALDERA
- Source URL: http://www.calderasystems.com/support/security/
- Notes: Caldera/SCO advisories are at http://stage.caldera.com/support/security/
CERT CERT/CC Advisories
CERT-VN CERT/CC vulnerability note
CHECKPOINT Check Point Alert
- CVE reference map for source CHECKPOINT
- Source URL: http://www.checkpoint.com/defense/advisories/public/summary.html
CIAC DOE CIAC (Computer Incident Advisory Center) bulletins
CISCO Cisco security advisory
- CVE reference map for source CISCO
- Source URL: http://www.cisco.com/en/US/products/products_security_advisories_listing.html
COMPAQ COMPAQ Service Security Patch
- CVE reference map for source COMPAQ
- Source URL: http://ftp.support.compaq.com/patches/.new/security.html
CONECTIVA Conectiva Linux advisory
- CVE reference map for source CONECTIVA
- Source URL: http://lwn.net/Alerts/Conectiva/
- Notes: The official archive used to be at http://distro.conectiva.com.br/atualizacoes/, but this site was removed when Mandriva was formed.
CONFIRM URL to location where vendor confirms that the problem exists
- CVE reference map for source CONFIRM
- Notes: This source is only used when a vendor confirms an issue with its own advisory, but the vendor is not otherwise a CVE reference source. The URL for the confirmation is specified in the name. Note that in some cases, the provider may have deleted or overwritten the portion of the web page that acknowledged the vulnerability or exposure.
DEBIAN Debian Linux Security Information
EEYE eEye security advisory
EL8 EL8 advisory
ENGARDE En Garde Linux advisory
ERS IBM ERS/BRS advisories
EXPLOIT-DB Exploits Database
FEDORA Fedora Project security advisory
- CVE reference map for source FEDORA
- Source URL: http://www.redhat.com/archives/fedora-announce-list/
FREEBSD FreeBSD security advisory
FRSIRT French Security Incident Response Team (FrSIRT) Database
- CVE reference map for source FRSIRT
- Source URL: http://www.vupen.com/english/
- Notes: FrSIRT was renamed to VUPEN in 2009.
FULLDISC Full-Disclosure mailing list
- CVE reference map for source FULLDISC
- Source URL: http://lists.grok.org.uk/pipermail/full-disclosure/
FARMERVENEMA "Improving the Security of Your Site by Breaking Into it" paper by Dan Farmer and Wietse Venema
- CVE reference map for source FARMERVENEMA
- Source URL: http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
GENTOO Gentoo Linux security advisory
HERT HERT security advisory
- CVE reference map for source HERT
- Notes: This reference source is obsolete. References using this source will be replaced with the original Bugtraq posts that contained these advisories.
HP HP security advisories
- CVE reference map for source HP
- Source URL: http://archives.neohapsis.com/archives/hp/
- Notes: The official HP web site is difficult to navigate and link to. It is not easy to quickly access advisories. Thus an unofficial URL is recommended over the official URL, since it is not possible to construct and disseminate an official URL. As of February 2006, this URL might help: http://www.itrc.hp.com/service/cki/secBullArchive.do Otherwise, to use the official HP site, follow these instructions: - http://us-support.external.hp.com/ - You must register on the site to obtain these advisories - Select "Search Technical Knowledge Base" under "Maintenance and Support" - Select "Security Bulletin Archive" under "Related Links" - The advisory number is in the last component of the advisory name, e.g. "HPSBUX9910-104" is HP's advisory number 104, whose description on this page is "104 Security Advisory regarding automountd"
HPBUG HP bug/patch ID
- CVE reference map for source HPBUG
- Notes: This source is no longer being used.
IBM IBM ERS/BRS advisories
IDEFENSE iDEFENSE advisory
- CVE reference map for source IDEFENSE
- Source URL: http://labs.idefense.com/intelligence/vulnerabilities/
IMMUNIX Immunix Linux advisory
- CVE reference map for source IMMUNIX
- Source URL: http://download.immunix.org/ImmunixOS/
- Notes: Advisories are in the "updates" directory of the directory for the affected Immunix OS version. Example: IMNX-2001-70-035-01 is in the 7.0/updates directory.
INFOWAR INFOWAR security advisory
- CVE reference map for source INFOWAR
- Notes: This reference source is obsolete. References using this source will be replaced with the original Bugtraq posts that contained these advisories.
ISS ISS Security Advisory
JVN Japanese CERT (JPCERT) vulnerability notes
JVNDB JVN iPedia
KSRT KSR[T] Security Advisory
- CVE reference map for source KSRT
- Source URL: http://www.ksrt.org
L0PHT L0pht Security Advisory
MANDRAKE Mandrake Linux security advisory
MANDRIVA Mandriva security advisory
MILW0RM milw0rm exploit web site
- CVE reference map for source MILW0RM
- Notes: This source has been obsoleted since milw0rm was shut down and its database transfered to Offensive Security in November 2009. References using this source have been changed to EXPLOIT-DB.
MISC Miscellaneous URL
- CVE reference map for source MISC
- Notes: This is a general-purpose source that is used when a reference cannot be described using a more precise SOURCE label. The URL is encoded within the name portion of the reference. When a CVE contains a MISC reference that points to a vendor statement about a vulnerability, there is no guarantee that the vendor statement actually addresses the given CVE; for example, the vendor might make a vague statement that potentially could map to multiple different CVEs. A MISC reference does not necessarily help the user to distinguish among vulnerabilities.
MLIST generic reference form for miscellaneous mailing lists
- CVE reference map for source MLIST
- Notes: This is used for identifying miscellaneous mailing lists.
MS Microsoft Security Bulletin
MSKB Microsoft Knowledge Base article
NAI NAI Labs security advisory
- CVE reference map for source NAI
- Notes: NAI was acquired by McAfee.
NETBSD NetBSD Security Advisory
NETECT Netect security advisory
- CVE reference map for source NETECT
- Notes: This source has been obsoleted, as BindView acquired Netect in 1999. References using this source may be changed to BINDVIEW in a future version of CVE.
NTBUGTRAQ Posting to NTBugtraq mailing list
- CVE reference map for source NTBUGTRAQ
- Source URL: http://www.ntbugtraq.com/default.asp?pid=36&sid=1
OPENBSD OpenBSD Security Advisory
OPENPKG OpenPKG security advisory
OSVDB Open Source Vulnerability Database (OSVDB) entry
- CVE reference map for source OSVDB
- Source URL: http://osvdb.org/
OVAL Open Vulnerability Assessment Language (OVAL) vulnerability definition
REDHAT Security advisories
RSI Repent Security, Inc. security advisory
- CVE reference map for source RSI
- Notes: This source is regarded as obsolete. RSI references will be augmented by the original Bugtraq postings.
SCO SCO security bulletins
SECTRACK SecurityTracker Alerts
SECUNIA Secunia Advisories
SEKURE Sekure security advisory
- CVE reference map for source SEKURE
- Notes: This source is regarded as obsolete. SEKURE references will be replaced by the original Bugtraq postings.
SF-INCIDENTS posting to Security Focus Incidents mailing list
- CVE reference map for source SF-INCIDENTS
- Source URL: http://www.securityfocus.com/templates/archive.pike?list=75
SGI SGI Security Advisory
SLACKWARE Slackware security advisory
SNI Secure Networks, Inc. security advisory
- CVE reference map for source SNI
- Notes: SNI was acquired by NAI, which was later acquired by McAfee.
SREASON SecurityReason SecurityAlert
- CVE reference map for source SREASON
- Source URL: http://securityreason.com/security_alert
- Notes: CVE mappings for this source were provided by SecurityReason and automatically added into CVE. They were not reviewed by MITRE.
SREASONRES SecurityReason Research Advisory
SUN Sun security bulletin
- CVE reference map for source SUN
- Source URL: http://search.sun.com/main/index.jsp?col=main-support-sunalerts&oneof=security&nh=100&rf=1&type=advanced&optstat=true
SUNALERT Sun security alert
- CVE reference map for source SUNALERT
- Source URL: http://search.sun.com/main/index.jsp?col=main-support-sunalerts&oneof=security&nh=100&rf=1&type=advanced&optstat=true
SUNBUG Sun bug ID
SUSE SuSE Linux: Security Announcements
TRUSTIX Trustix Security Advisory
TURBO TurboLinux advisory
UBUNTU Ubuntu Linux security advisory
VIM Vulnerability Information Managers mailing list
VULN-DEV Posting to VULN-DEV mailing list
VULNWATCH VulnWatch mailing list
- CVE reference map for source VULNWATCH
- Source URL: http://archives.neohapsis.com/archives/vulnwatch/
VUPEN VUPEN Security Database
WIN2KSEC Win2KSecAdvice mailing list
- CVE reference map for source WIN2KSEC
- Source URL: http://archives.neohapsis.com/archives/win2ksecadvice/
XF X-Force Vulnerability Database