In this article, you will find out how to use the CVE database

SUMMARY

• Searching and browsing CVE references
• View the details of a CVE reference

The CVE database page allows you to consult the latest CVE references.

From this page you will be able to :

Searching and browsing CVE references

The CVE Database page lists the latest CVEs published on the NIST site. The table shows the CVE references and their following characteristics:

• The publication date (MM/DD/YYYY format)
• The most recent CVSS score (v3.1 if available, otherwise V2)
• The name of the publisher affected by the CVE
• The name of the product (software, hardware) affected by the CVE
• The major version of the product affected by the CVE. NB: if the value is "*", all versions of the product are 
• affected. If the value is "-", the product has no version.
• The minor version of the product affected by the CVE.
• The reference(s) of the bulletins in the XMCO database referring to this CVE. Click on the bulletin reference to open it in a new tab.
• The reference(s) of bulletins dealing with an exploit code for this CVE.

By clicking on the header, you can sort the list of CVEs according to the column you click on.

You can also use a set of filters to find a CVE according to:

• The name of the publisher whose product is affected by the CVE (name of the publisher as entered in the CPE affected by the CVE).
• The product affected by the CVE. The list of products adapts to the editor filter (editor name as entered in the CPE affected by the CVE).
• The major version of the product affected by the CVE. The list of major versions is adapted to the product filter (major version as entered in the CPE affected by the CVE).
• The minor version of the product affected by the CVE. This is the non-parsed continuation of the CPE reference.
• The CVE reference in the format CVE-XXXX-XXXX
• The CVSS score of the CVE (any CVE with a score greater than or equal to that indicated)
• The date of publication of the CVE in NIST.

By clicking on the nut, you can select the columns to be displayed in the results. Simply deselect the columns you do not wish to display.

Once you have completed your configuration, click on the "search" button to update the list of CVEs according to your criteria.

You can reset your configuration by clicking on the reset button.

NB:
We synchronise the CVE database with the MITRE every night at 3am (Paris time).

The publisher-product-version breakdown is based on the breakdown of CPE references in their 2.3 version.

In the table, each CVE reference is duplicated for each minor version impacted by the CVE.

Clicking on a CVE reference takes you to its details.

View the details of a CVE reference

The CVE details page is divided into several sections:

General description of the CVE

The following information about the CVE is available on the MITRE website:

1. CVE reference: click on the reference to be redirected to the CVE page on the MITRE site.
2. CVE description: brief description of the CVE
3. Publication: date of publication of the CVE
4. Update : date of update of the CVE
5. First XMCO bulletin: date of publication of the first bulletin linked to the cve
6. CVSS score 3.1 or 2.0. Click on the tab to switch from one score to the other.
7. Decomposition of the CVSS vector associated with the CVE

Yuno content related to vulnerability and MITRE references

1. XMCO bulletins referring to the CVE, with their type and criticality
2. List of action tickets created and referring to this CVE.

3. Bibliography of the CVE

4. List of CPE references (technologies) impacted by the vulnerability.