Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

February 26, 2015

CVE Details

Filed under: Cybersecurity,Security — Patrick Durusau @ 2:42 pm

CVE Details: The Ultimate Security Vulnerability Datasource

From the webpage:

www.cvedetails.com provides an easy to use web interface to CVE vulnerability data. You can browse for vendors, products and versions and view cve entries, vulnerabilities, related to them. You can view statistics about vendors, products and versions of products. CVE details are displayed in a single, easy to use page, see a sample here.

CVE vulnerability data are taken from National Vulnerability Database (NVD) xml feeds provided by National Institute of Standards and Technology.

Additional data from several sources like exploits from www.exploit-db.com, vendor statements and additional vendor supplied data, Metasploit modules are also published in addition to NVD CVE data. Vulnerabilities are classified by cvedetails.com using keyword matching and cwe numbers if possible, but they are mostly based on keywords.

Unless otherwise stated CVSS scores listed on this site are “CVSS Base Scores” provided in NVD feeds. Vulnerability data are updated daily using NVD feeds. Please visit nvd.nist.gov for more details.

It is hard to say how much data about security issues is kept secret versus how much is made public. What is clear, however, is that organizing the public information leaves a lot to be desired.

Take the CVE advisory on the Superfish issue:

Vulnerability Details : CVE-2015-2077.

In addition to the information on the page you are invited to:

Search Twitter

Search YouTube

Search Google

No peeking! Without checking those links, what search string do you think appears in each one?

  • Komodia Redirector
  • man-in-the-middle attackers
  • Superfish

Would you believe, none of the above?

The actual search string is: “CVE-2015-2077.”

Yep, the identifier assigned by the CVE site is used as the search string.

The same is true for the External Links drop-down menu, which searches Secunia Advisories, XForce Advisories, Vulnerability Details at NVD, Vulnerability Details at Mitre, and Nessus Plugins. The one exception is First CVSS Guide, which is A Complete Guide to the Common Vulnerability Scoring System Version 2.0.

Don’t get me wrong, CVE Details is a great information resource, but it is bound by the use of its own identifiers. You are going to miss blog posts, tweets, and other materials.
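To make the gap concrete, here is an added example (not code from CVE Details or from this blog) that compares identifier-only search with search over the identifier plus the names used in the post. The sample texts are constructed, and the helper names and the OR-joined query form are assumptions for illustration.

```python
import re
from urllib.parse import quote_plus

# Subject record: the CVE identifier plus the product names from the post.
# The generic phrase "man-in-the-middle attackers" is left out because it
# describes a class of attacker, not this one issue.
SUBJECT = {"id": "CVE-2015-2077", "aliases": ["Superfish", "Komodia Redirector"]}

# Constructed sample texts (not real posts or tweets).
DOCS = [
    "NVD entry published for CVE-2015-2077",
    "Lenovo laptops shipped with Superfish adware preinstalled",
    "How the Komodia redirector intercepts HTTPS traffic",
    "Patch Tuesday roundup for unrelated products",
    "superfish removal steps (see cve-2015-2077)",
]

def _pattern(terms):
    # Case-insensitive phrase match; any run of whitespace may separate words,
    # and a match may not be embedded inside a longer alphanumeric token.
    parts = [r"\s+".join(re.escape(w) for w in t.split()) for t in terms]
    return re.compile(
        r"(?<![A-Za-z0-9])(?:" + "|".join(parts) + r")(?![A-Za-z0-9])", re.I
    )

def search(docs, terms):
    """Return the indexes of the documents that mention any of the terms."""
    pat = _pattern(terms)
    return [i for i, doc in enumerate(docs) if pat.search(doc)]

def query_string(terms):
    """URL-encoded value for a q= parameter: quoted phrases joined by OR
    (assumed syntax; check what the target search engine accepts)."""
    return quote_plus(" OR ".join(f'"{t}"' for t in terms))

def recall_gap(subject, docs):
    """Hits by identifier only, hits by identifier plus aliases, and the
    documents that the identifier-only search misses."""
    by_id = search(docs, [subject["id"]])
    by_all = search(docs, [subject["id"]] + subject["aliases"])
    return by_id, by_all, [i for i in by_all if i not in by_id]

if __name__ == "__main__":
    by_id, by_all, missed = recall_gap(SUBJECT, DOCS)
    print("identifier only:", by_id)
    print("with aliases:   ", by_all)
    for i in missed:
        print("missed:", DOCS[i])
```
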

BTW, CVE = Common Vulnerabilities and Exposures.

Enjoy!
