cve_manager is not importing all CPEs for current CVEs #9
Comments
axel-sch
pushed a commit
to axel-sch/cve_manager
that referenced
this issue
Jun 17, 2021
CPE from node was not imported if child CPE's had been defined. Now CPE(s) from node AND child are imported. Removed also redundant import implementation of node CPE(s).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It was observed that the import of CPEs is done only partially in CVE manager. Important CPEs for OS are mostly missing.
The JSON ZIP file from are correclty download and also those JSON files have the CVEs with the correct CPEs assigned. But the import function of CVE Manager does not import all CPEs.
Following example CPEs are affected:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*Those example CVE's doesn't have a CPE link to the above list (just a cut-out):
Windows Server 2016: CVE-2021-28447,CVE-2021-28446,CVE-2021-28445,CVE-2021-28444,CVE-2021-28443,CVE-2021-28442,CVE-2021-28441,CVE-2021-28440,CVE-2021-28439,CVE-2021-28438,CVE-2021-28437,CVE-2021-28436,CVE-2021-28435,CVE-2021-28434,CVE-2021-28358,CVE-2021-28357,CVE-2021-28356
Windows 10: CVE-2021-28447,CVE-2021-28446,CVE-2021-28445,CVE-2021-28444,CVE-2021-28443,CVE-2021-28442,CVE-2021-28441,CVE-2021-28440,CVE-2021-28439,CVE-2021-28438,CVE-2021-28437,CVE-2021-28436,CVE-2021-28435,CVE-2021-28434,CVE-2021-28358,CVE-2021-28357,CVE-2021-28356,CVE-2021-28355,CVE-2021-28354,CVE-2021-28353,CVE-2021-28352
The text was updated successfully, but these errors were encountered: