CVE Reference Key/Maps

Reference Key

Each reference used in CVE has the following structure:

SOURCE: NAME

  • SOURCE is an alphanumeric keyword.
    (Examples: "BUGTRAQ", "OVAL", etc.)
  • NAME is a single line of ASCII text and can include colons and spaces.
    (Examples: "BUGTRAQ: Posting to Bugtraq mailing list"; "OVAL: Open Vulnerability and Assessment Language (OVAL) vulnerability definition"; etc.)

Where possible, the NAME is selected to facilitate searches on a SOURCE's Web site. For references that do not have a well-defined identifier, a release date and/or subject header may be included.

Reference Order

References are typically listed in the order below:

  • Initial announcement
  • Response team advisory
  • Vendor acknowledgement/advisory
  • All other public sources

Sources

Reference Maps

The information sources listed below publish documents that are used as references for CVE identifiers. Click on the source to view a map from the source's references to the associated CVE names. Alternatively, you may download all of the reference maps.

Download All Reference Maps - ZIP file (4.6M)
The reference maps listed below use data from CVE Version 20061101 and identifiers that were active as of 2014-09-18 :

AIXAPAR AIX APAR (Authorized Problem Analysis Report)

ALLAIRE Allaire Security Bulletin

APPLE Apple Security Update

ASCEND Ascend vendor acknowledgement

ATSTAKE @stake security advisory

  • CVE reference map for source ATSTAKE
  • Notes: These advisories were once located at http://www.atstake.com/research/advisories/, but there is no central location since @stake was acquired by Symantec.

AUSCERT AUSCERT advisory

BEA BEA security advisory

BID Security Focus Bugtraq ID database entry

BINDVIEW BindView security advisory

BUGTRAQ Posting to Bugtraq mailing list

CALDERA Caldera security advisory

CERT CERT/CC Advisories

CERT-VN CERT/CC vulnerability note

CHECKPOINT Check Point Alert

CIAC DOE CIAC (Computer Incident Advisory Center) bulletins

CISCO Cisco security advisory

COMPAQ COMPAQ Service Security Patch

CONECTIVA Conectiva Linux advisory

CONFIRM URL to location where vendor confirms that the problem exists

  • CVE reference map for source CONFIRM
  • Notes: This source is only used when a vendor confirms an issue with its own advisory, but the vendor is not otherwise a CVE reference source. The URL for the confirmation is specified in the name. Note that in some cases, the provider may have deleted or overwritten the portion of the web page that acknowledged the vulnerability or exposure.

DEBIAN Debian Linux Security Information

EEYE eEye security advisory

EL8 EL8 advisory

ENGARDE En Garde Linux advisory

ERS IBM ERS/BRS advisories

EXPLOIT-DB Exploits Database

FEDORA Fedora Project security advisory

FREEBSD FreeBSD security advisory

FRSIRT French Security Incident Response Team (FrSIRT) Database

FULLDISC Full-Disclosure mailing list

FarmerVenema "Improving the Security of Your Site by Breaking Into it" paper by Dan Farmer and Wietse Venema

GENTOO Gentoo Linux security advisory

HERT HERT security advisory

  • CVE reference map for source HERT
  • Notes: This reference source is obsolete. References using this source will be replaced with the original Bugtraq posts that contained these advisories.

HP HP security advisories

  • CVE reference map for source HP
  • Source URL: http://archives.neohapsis.com/archives/hp/
  • Notes: The official HP web site is difficult to navigate and link to. It is not easy to quickly access advisories. Thus an unofficial URL is recommended over the official URL, since it is not possible to construct and disseminate an official URL. As of February 2006, this URL might help: http://www.itrc.hp.com/service/cki/secBullArchive.do Otherwise, to use the official HP site, follow these instructions: - http://us-support.external.hp.com/ - You must register on the site to obtain these advisories - Select "Search Technical Knowledge Base" under "Maintenance and Support" - Select "Security Bulletin Archive" under "Related Links" - The advisory number is in the last component of the advisory name, e.g. "HPSBUX9910-104" is HP's advisory number 104, whose description on this page is "104 Security Advisory regarding automountd"

HPBUG HP bug/patch ID

IBM IBM ERS/BRS advisories

IDEFENSE iDEFENSE advisory

IMMUNIX Immunix Linux advisory

INFOWAR INFOWAR security advisory

  • CVE reference map for source INFOWAR
  • Notes: This reference source is obsolete. References using this source will be replaced with the original Bugtraq posts that contained these advisories.

ISS ISS Security Advisory

JVN Japanese CERT (JPCERT) vulnerability notes

JVNDB JVN iPedia

KSRT KSR[T] Security Advisory

L0PHT L0pht Security Advisory

MANDRAKE Mandrake Linux security advisory

MANDRIVA Mandriva security advisory

MILW0RM milw0rm exploit web site

MISC Miscellaneous URL

  • CVE reference map for source MISC
  • Notes: This is a general-purpose source that is used when a reference cannot be described using a more precise SOURCE label. The URL is encoded within the name portion of the reference. When a CVE contains a MISC reference that points to a vendor statement about a vulnerability, there is no guarantee that the vendor statement actually addresses the given CVE; for example, the vendor might make a vague statement that potentially could map to multiple different CVEs. A MISC reference does not necessarily help the user to distinguish among vulnerabilities.

MLIST generic reference form for miscellaneous mailing lists

MS Microsoft Security Bulletin

MSKB Microsoft Knowledge Base article

NAI NAI Labs security advisory

NETBSD NetBSD Security Advisory

NETECT Netect security advisory

  • CVE reference map for source NETECT
  • Notes: This source has been obsoleted, as BindView acquired Netect in 1999. References using this source may be changed to BINDVIEW in a future version of CVE.

NTBUGTRAQ Posting to NTBugtraq mailing list

OPENBSD OpenBSD Security Advisory

OPENPKG OpenPKG security advisory

OSVDB Open Source Vulnerability Database (OSVDB) entry

OVAL Open Vulnerability Assessment Language (OVAL) vulnerability definition

REDHAT Security advisories

RSI Repent Security, Inc. security advisory

SCO SCO security bulletins

SECTRACK SecurityTracker Alerts

SECUNIA Secunia Advisories

SEKURE Sekure security advisory

SF-INCIDENTS posting to Security Focus Incidents mailing list

SGI SGI Security Advisory

SLACKWARE Slackware security advisory

SNI Secure Networks, Inc. security advisory

SREASON SecurityReason SecurityAlert

SREASONRES SecurityReason Research Advisory

SUN Sun security bulletin

SUNALERT Sun security alert

SUNBUG Sun bug ID

SUSE SuSE Linux: Security Announcements

TRUSTIX Trustix Security Advisory

TURBO TurboLinux advisory

UBUNTU Ubuntu Linux security advisory

URL General placeholder for recording URL's in candidates

VIM Vulnerability Information Managers mailing list

VULN-DEV Posting to VULN-DEV mailing list

VULNWATCH VulnWatch mailing list

VUPEN VUPEN Security Database

WIN2KSEC Win2KSecAdvice mailing list

XF X-Force Vulnerability Database

 
Page Last Updated: September 18, 2014